Operations on Buckets With the Wasabi S3 API
    • 15 Nov 2024
    • 8 Minutes to read
    • PDF

    Operations on Buckets With the Wasabi S3 API

    • PDF

    Article summary

    Operations on buckets include: deleting, renaming, and logging buckets as well as cross-origin resource sharing (CORS) support, lifecycle policy, object locking, and compliance. 

    By default, public use of a bucket, folder, or file is allowed only by certain paid (not trial) accounts. If your account does not have access to this feature, contact Wasabi Support at support@wasabi.com for assistance.

    DELETE BUCKET force_delete=true Option

    AWS S3 will not allow you to delete a bucket if it contains objects that have not been deleted.

    Wasabi provides a force_delete=true option that first deletes all the objects in the bucket and then deletes the bucket. The deletion of objects is subject to policy and compliance requirements on the bucket.

    To specify the force_delete=true option, simply add it as a query string. For example:

    DELETE http://s3.wasabisys.com/my-bucket?force_delete=true HTTP/1.1

    Renaming a Bucket

    AWS S3 does not support renaming of buckets. It only supports renaming of objects in a bucket.

    Wasabi supports the renaming of buckets. The new bucket name must not be in use for the rename to be successful. The caller must have the s3:CreateBucket policy permission to rename a bucket.

    To rename a bucket, use the HTTP method MOVE along with the header field “Destination” to give the new bucket name. For example:

    MOVE http://s3.wasabisys.com/my_old_bucket HTTP/1.1
    Destination: my_new_bucket

    MFA (Multi-Factor Authentication) Delete

    Wasabi supports the “x-amz-mfa” header while:

    • configuring versioning on a bucket, or
    • deleting objects with delete object requests compatible with AWS S3.

    Wasabi does not require the “x-amz-mfa” header if the user's access credentials signing the request were authenticated with MFA. Wasabi only supports virtual MFA devices.

    Maximum Number of Buckets

    Standard AWS S3 supports only 100 buckets.

    Wasabi allows for a maximum of 1000 buckets per account and this number may be increased by contacting Wasabi Customer Support.

    Bucket Logging

    Wasabi supports bucket logging, which creates a text log file of all access to a bucket. The format of the log file is identical to the AWS S3 log file.

    Wasabi bucket logging does not require any ACL permission settings to store logs in a target bucket. Although you can give permission settings in the logging request or in an ACL, they are not required for logging to work in Wasabi. However, the bucket that is a target for log files must be inside the same account as the bucket being logged.

    Bucket Cross-Origin Resource Sharing (CORS) Support

    For compatibility with browser access to Wasabi as a web server, the Wasabi server will return CORS headers when the header “Origin” is given in an HTTP request. Additionally, the server supports the HTTP method OPTIONS on either buckets or objects to return the CORS headers needed for a browser pre-flight test before accessing Wasabi.

    Different from AWS, Wasabi returns the settings that will allow the browser full access to Wasabi. Hence, Wasabi does not support the AWS functions that allow a PUT and GET on a bucket with the “cors” parameter in the URL. Note that allowing browser full access to data does not affect the security of access to any objects and all access policies will still be enforced.

    The following are the HTTP headers returned by default when the header “Origin” is given in an HTTP request:

    Access-Control-Allow-Headers: *
    Access-Control-Allow-Methods: GET, HEAD, POST, PUT, DELETE, MOVE, OPTIONS
    Access-Control-Allow-Origin: *
    Access-Control-Expose-Headers: *
    Access-Control-Max-Age: 86400

    Event Notifications (SNS)

    Wasabi supports the AWS Simple Notification Service (SNS), which is used to configure Event Notifications so you can receive information about specific storage activities that take place on your account. 

    To use the Event Notifications feature, you must add AWS credentials to the Event Notifications tab on the Console Settings page. Then, configure Event Notifications for each bucket in Bucket Settings.

    You can define the types of events for which to receive notifications related to specific topics. Subscribers of a topic will then receive those notifications from Wasabi. 

    Lifecycle Policy

    The Lifecyle feature establishes a Lifecycle policy with rules to define actions that you want Wasabi to take during the life of an object. This feature replaces the need to manually delete an object after a retention period.

    Configuring Lifecycle Settings

    The lifecycle settings for a bucket are configuring with the "put-bucket-lifecycle-configuration" command. For example:

    $ aws s3api put-bucket-lifecycle-configuration --bucket 1-1-1-1 --endpoint-url https://s3.wasabisys.com --lifecycle-configuration file://lifecycle.json
    {
    
        "Rules": [
            {
                "Expiration": {
                    "Days": 1
                },
                "ID": "lifecycle_rule_1",
                "Filter": {
                    "And": {
                        "ObjectSizeGreaterThan": 1,
                        "ObjectSizeLessThan": 21474836480
                    }
                },
                "Status": "Enabled"
            },
            {
                "Expiration": {
                    "Days": 1
                },
                "ID": "object_lifecycle_rule_bucket_6807766",
                "Filter": {
                    "Prefix": "1"
                },
                "Status": "Enabled"
            }
        ]
    }

    Here is another example:

    PUT https://s3.wasabisys.com/1-1-1-1?lifecycle
    <LifecycleConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
        <Rule>
            <Expiration>
                <Days>1</Days>
            </Expiration>
            <ID>lifecycle_rule_1</ID>
            <Filter>
                <And>
                    <ObjectSizeGreaterThan>1</ObjectSizeGreaterThan>
                    <ObjectSizeLessThan>21474836480</ObjectSizeLessThan>
                </And>
            </Filter>
            <Status>Enabled</Status>
        </Rule>
        <Rule>
            <Expiration>
                <Days>1</Days>
            </Expiration>
            <ID>object_lifecycle_rule_bucket_6807766</ID>
            <Filter>
                <Prefix>1</Prefix>
            </Filter>
            <Status>Enabled</Status>
        </Rule>
    </LifecycleConfiguration>

    There is no response body for this call.

    Retrieving Lifecycle Settings

    The lifecycle settings for a bucket can be retrieved with the "get-bucket-lifecycle-configuration" command. For example:

    $ aws s3api get-bucket-lifecycle-configuration --bucket 1-1-1-1 --endpoint-url https://s3.wasabisys.com
    {
        "Rules": [
            {
                "Expiration": {
                    "Days": 1
                },
                "ID": "lifecycle_rule_1",
                "Filter": {
                    "And": {
                        "ObjectSizeGreaterThan": 1,
                        "ObjectSizeLessThan": 21474836480
                    }
                },
                "Status": "Enabled"
            },
            {
                "Expiration": {
                    "Days": 1
                },
                "ID": "object_lifecycle_rule_bucket_6807766",
                "Filter": {
                    "Prefix": "1"
                },
                "Status": "Enabled"
            }
        ]
    }

    Here is another example:

    GET https://s3.wasabisys.com/1-1-1-1?lifecycle
    <?xml version="1.0" encoding="UTF-8"?>
    <LifecycleConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
        <Rule>
            <Expiration>
                <Days>1</Days>
            </Expiration>
            <ID>lifecycle_rule_1</ID>
            <Filter>
                <And>
                    <ObjectSizeGreaterThan>1</ObjectSizeGreaterThan>
                    <ObjectSizeLessThan>21474836480</ObjectSizeLessThan>
                </And>
            </Filter>
            <Status>Enabled</Status>
        </Rule>
        <Rule>
            <Expiration>
                <Days>1</Days>
            </Expiration>
            <ID>object_lifecycle_rule_bucket_6807766</ID>
            <Filter>
                <Prefix>1</Prefix>
            </Filter>
            <Status>Enabled</Status>
        </Rule>
    </LifecycleConfiguration>

    Deleting Lifecycle Settings

    The lifecycle settings for a bucket can be deleted with the "delete-bucket-lifecycle" command. For example:

    $ aws s3api delete-bucket-lifecycle --bucket 1-1-1-1 --endpoint-url https://s3.wasabisys.com

    Here is another example:

    DELETE http://wasabisys.com/1-1-1-1?lifecycle

    There is no response body for this call.

    Object Lock

    Wasabi supports an object lock that prevents the deletion or overwrite of object versions for a fixed amount of time or indefinitely.

    TagDescription
    ObjectLockConfigurationThis is the mandatory root level tag for object lock configuration.
    ObjectLockEnabledThis tag must be configured as Enabled.
    RuleThis specifies the object lock rule for a bucket. It requires both a mode and a period. The period can be either Days or Years but you must select one. You cannot specify Days and Years at the same time.
    Mode should be either COMPLIANCE or GOVERNANCE.

    The object lock settings for a bucket are specified using the “?object-lock” query string along with the object lock settings as the XML body in the request. For example:

    PUT https://s3.wasabisys.com/qa.objectlock.002/?object-lock HTTP/1.1
    <ObjectLockConfiguration>
         <ObjectLockEnabled>Enabled</ObjectLockEnabled>
         <Rule>
              <DefaultRetention>
                   <Mode>COMPLIANCE</Mode>
                   <Days>10</Days>
              </DefaultRetention>
         </Rule>
    </ObjectLockConfiguration>

    The object lock settings for a bucket can be retrieved by getting the bucket with the “?object-lock” query string. For example:

    GET https://s3.wasabisys.com/qa.objectlock.002/?object-lock HTTP/1.1

    Response body:

    <?xml version="1.0" encoding="UTF-8"?>
    <ObjectLockConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
         <ObjectLockEnabled>Enabled</ObjectLockEnabled>
         <Rule>
              <DefaultRetention>
                   <Mode>COMPLIANCE</Mode>
                   <Days>10</Days>
              </DefaultRetention>
         </Rule>
    </ObjectLockConfiguration>

    There are also object lock settings for each object described in Operations on Objects.

    The object lock settings for a bucket can be cleared using "?object-lock" query string. For example:

    PUT https://s3.wasabisys.com/qa.objectlock.002/?object-lock HTTP/1.1

    Response body:

    <ObjectLockConfiguration>
         <ObjectLockEnabled>Enabled</ObjectLockEnabled>
              <Rule>
                   <DefaultRetention>
                        <Mode></Mode>
                        <Days></Days>
              </DefaultRetention>
         </Rule>
    </ObjectLockConfiguration>

    Wasabi Compliance

    Wasabi supports a compliance policy that prevents the deletion of objects and provides additional information to prove that the original data is not modified since the time written. The compliance feature may be required for certain regulatory needs, but is also useful to prevent accidental data deletion.

    Compliance is different from the object locking setting for a bucket.

    You can set the compliance policy on any bucket controlling all the objects that are stored in that bucket. Specify the bucket compliance policy with the following XML tags.

    TagDescription
    StatusEither “enabled” or “disabled” to turn compliance on and off, respectively. Enabling will immediately apply to all objects in the bucket.
    LockTimeThe time at which the compliance settings are “locked”—the settings cannot be reduced by any API call. Once the settings are locked, they cannot be unlocked without the intervention of Wasabi Customer Support. The lock time allows you to support two use cases:
    1. Testing that your software works properly before locking the compliance feature; or
    2. Never locking which means that data can be deleted with an additional step of an administrator turning compliance off.
    The lock time parameter may be:
    • An ISO date (for example, 2016-11-07T15:08:05Z),
    • The string “now” to force immediate locking, or
    • The string “off to not lock the compliance settings. This is the default.
    RetentionDaysAn integer for the minimum number of days that objects are always retained after their creation date or release from conditional hold. You can extend the retention date for any individual object, but may not shorten the date. This parameter is always required.
    ConditionalHoldA Boolean value (“true” or “false”) indicating if newly created objects are placed on conditional hold, meaning that they cannot be deleted until the conditional hold is explicitly turned off. The default is false if this parameter is not given. Note that this setting may be changed even after the settings are locked.

    The compliance settings for a bucket are specified using the “?compliance” query string along with the compliance settings as the XML body in the request. For example:

    PUT http://s3.wasabisys.com/my-bucket?complianceHTTP./1.1
    <BucketComplianceConfiguration>
         <Status>enabled</Status>
         <LockTime>off</LockTime>
         <RetentionDays>365</RetentionDays>
         <DeleteAfterRetention>true</DeleteAfterRetention>
    </BucketComplianceConfiguration>

    After compliance is enabled for a bucket, the policy is immediately applied to all objects in the bucket. An attempt to delete an object before the retention period will return an error.

    The compliance settings for a bucket can be retrieved by getting the bucket with the “?compliance” query string. For example:

    GET http://s3.wasabisys.com/my-buck?complianceHTTP/1.1

    Response body:

    <BucketComplianceConfiguration xml ns="http://s3.amazonaws.com/doc/2006-03-01/">
         <Status>enabled</Status>
         <LockTime>2016-11-07T15:08:05Z</LockTime>
         <IsLocked>false</IsLocked>
         <RetentionDays>0</RetentionDays>
         <ConditionalHold>false</ConditionalHold>
         <DeleteAfterRetention>false</DeleteAfterRetention>
    </BucketComplianceConfiguration>

    There are also compliance settings for each object described in Operations on Objects.

    Operations on Buckets Not Supported in Wasabi

    OperationDescription
    Bucket TaggingBucket tagging is currently unavailable in Wasabi.
    Bucket WebsiteWebsite configuration is unavailable in Wasabi. Given the nature of Wasabi as a long-term object store, we do not expect to support website operations to buckets.
    The header “x-amz-website-redirect-location” is ignored in any object requests.
    Bucket AccelerateWasabi does not implement the AWS S3 bucket accelerate subresource.
    Bucket LocationWasabi always returns the bucket location as “us-east”. When creating a bucket, the “LocationConstraint” request data is ignored.
    Bucket Request PaymentWasabi does not support the use of the “requestPayment” subresource for buckets.
    Metrics ConfigurationWasabi does not support the operation to receive one-minute CloudWatch metrics, set CloudWatch alarms, and access CloudWatch dashboards to view near-real-time operations and performance of your Amazon S3 storage.

    S3 Block Public Access

    Wasabi does not support the operation to centrally block existing public access (whether made possible via an ACL or a policy) and make sure newly created items are not inadvertently granted public access.
    S3 SelectWasabi does not support the S3 Select API.