IBM Cloud Object Storage

IBM Cloud Object Storage is a highly scalable cloud storage service, which is designed for high durability, resiliency, and security. Store, manage, and access your data through the self-service portal and RESTful APIs. The files that are uploaded into IBM Cloud Object Storage are called objects. The uploaded objects are organized into buckets that serve as containers for objects.

An IBM Cloud Object Storage destination represents a service destination where an incoming notification can be stored and then consumed programmatically to drive actions.

Configuring an IBM Cloud Object Storage destination in the UI

Before you configure IBM Cloud Object Storage as a destination, make sure that you have an IBM Cloud Object Storage instance created and configured in the same account as your Event Notifications instance.

If you are using the Event Notifications CLI or API to configure an IBM Cloud Object Storage service instance as a destination, ensure that you have enabled authorization to grant access between services before integrating with IBM Cloud Object Storage. For more information, see Using authorizations to grant access between services.

If you want to enforce access restrictions based on IP addresses, it is recommended to use context-based restrictions instead of a legacy bucket firewall. For details, see Restricting access by network context in the Object Storage documentation. If your setup must continue to use a legacy firewall, use the Support Center to create a support case for assistance with the IP range information.

To configure an IBM Cloud Object Storage destination, do the following steps:

  1. From your Event Notifications instance dashboard, click Destinations.

  2. Click Add + to add a new destination.

  3. In the Add a destination side panel, provide the following details.

    • Name - Enter a name for your destination.

    • Description - Optionally, enter a description for your destination.

    • Type - Under Destination, for the Type, select IBM Cloud Object Storage from the list as your destination type.

    • Instance name - Select the IBM Cloud Object Storage instance name from the list, if you already have an IBM Cloud Object Storage instance. Otherwise, click the Create new instance link, to create an IBM Cloud Object Storage instance.

      When you select an IBM Cloud Object Storage instance, the authorization between the two service instances is created internally if it doesn't already exist.

    • Bucket name - Enter the name of the bucket in the IBM Cloud Object Storage instance in which a new object is created for each notification.

      You can get the bucket name from your IBM Cloud Object Storage instance. For more information, see Bucket name.

      The pattern that Event Notifications uses to store the object in the IBM Cloud Object Storage bucket is a combination of the destination name and the notification ID, similar to the following example:

      Rhonda Macejkovic/013f87bc-0537-4dad-8511-8cb054890ffc.json

      where Rhonda Macejkovic is the destination name, 013f87bc-0537-4dad-8511-8cb054890ffc is the notification ID, and .json is the payload format.

    • Endpoint - Enter the IBM Cloud Object Storage endpoint URL. For more information, see Endpoint url.

  4. Click Add.
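
A consumer that reads notifications back from the bucket can accept only keys that match the pattern described under Bucket name, so that other objects in the bucket never reach downstream automation. The following is an added example, not part of the IBM documentation; the function names are hypothetical, and it assumes the notification ID is a lowercase UUID as in the page's example.

```shell
#!/bin/sh
# Added example: accept only "<destination name>/<notification ID>.json" keys.
# Assumption: notification IDs are lowercase UUIDs, as in the page's example.

UUID_RE='^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$'

# notification_id_from_key DESTINATION KEY
# Prints the notification ID when KEY fits the pattern; returns 1 otherwise.
notification_id_from_key() {
  nk_prefix="$1/"
  # Destination names may contain spaces, so every expansion stays quoted.
  case "$2" in "$nk_prefix"*.json) ;; *) return 1 ;; esac
  nk_id=${2#"$nk_prefix"}   # strip "<destination name>/"
  nk_id=${nk_id%.json}      # strip the payload-format suffix
  # Reject "/", "." and anything else that is not part of a UUID.
  case "$nk_id" in *[!0-9a-f-]*) return 1 ;; esac
  printf '%s\n' "$nk_id" | grep -Eq "$UUID_RE" || return 1
  printf '%s\n' "$nk_id"
}

# filter_keys DESTINATION
# Reads object keys on stdin, prints the notification ID of each accepted key
# and reports every rejected key on stderr.
filter_keys() {
  while IFS= read -r fk_key; do
    notification_id_from_key "$1" "$fk_key" || echo "skipped: $fk_key" >&2
  done
}

# Constructed sample listing; only the first key is accepted.
printf '%s\n' \
  'Rhonda Macejkovic/013f87bc-0537-4dad-8511-8cb054890ffc.json' \
  'Rhonda Macejkovic/../other/013f87bc-0537-4dad-8511-8cb054890ffc.json' \
  'Rhonda Macejkovic/notes.txt' \
  'Someone Else/013f87bc-0537-4dad-8511-8cb054890ffc.json' |
  filter_keys 'Rhonda Macejkovic'
```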

Using authorizations to grant access between services

Use IBM Cloud® Identity and Access Management (IAM) to create or remove an authorization that grants one service access to another service.

Creating an authorization in the console

  1. In the IBM Cloud console, click Manage > Access (IAM), and select Authorizations.

  2. Click Create.

  3. Select a source account.

    • If the source service that needs access to the target service is in this account, select This account.

  4. Select Event Notifications as the Source service.

  5. Specify whether you want the authorization to be for all resources or Resources based on selected attributes. If you selected Resources based on selected attributes, then under Add attributes specify either only the source resource group or only the source service instance.

  6. Select IBM Cloud Object Storage as the Target service.

  7. For the target service, specify whether you want the authorization to be for all instances, only to a specific instance in the account, or instances only in a certain resource group.

  8. Select both roles (Reader and Object Writer) to assign access to the source service that accesses the target service.

    If you select only one of these two roles (Reader or Object Writer) during the service-to-service authorization, Event Notifications might not be able to write to or read from the IBM Cloud Object Storage bucket. In these cases, you get a service-to-service authorization failure error. Make sure to re-create the authorization between the services with both roles selected.

  9. Click Authorize.

Creating an authorization by using the CLI

To authorize a source service to access a target service, run the ibmcloud iam authorization-policy-create command.

For more information about all of the parameters that are available for this command, see ibmcloud iam authorization-policy-create.
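
The CLI equivalent of the console steps above, scoped to one source instance and one target instance and always carrying both roles, is shown in the following added example (not part of the IBM documentation). The helper names and the EN_GUID, COS_GUID and APPLY variables are hypothetical, and the role names are passed as this page spells them.

```shell
#!/bin/sh
# Added example: least-privilege Event Notifications -> Cloud Object Storage
# authorization. Helper names and environment variables are hypothetical.

REQUIRED_ROLES="Reader,Object Writer"   # both roles named on this page

# Succeeds only when the comma-separated list contains BOTH required roles;
# a single role leads to the authorization failure the page describes.
roles_ok() {
  case ",$1," in *",Reader,"*) ;; *) return 1 ;; esac
  case ",$1," in *",Object Writer,"*) ;; *) return 1 ;; esac
}

# Accepts only non-empty strings made of hex digits and dashes.
guid_ok() {
  case "$1" in ''|*[!0-9a-fA-F-]*) return 1 ;; esac
}

# build_authz_cmd EN_GUID COS_GUID [ROLES]
# Prints the command scoped to one source and one target instance.
# Returns 2 when a GUID is missing or malformed (the policy would otherwise
# cover every instance) and 3 when a required role is missing.
build_authz_cmd() {
  bc_roles=${3:-$REQUIRED_ROLES}
  guid_ok "$1" && guid_ok "$2" || { echo "refusing: need both instance GUIDs" >&2; return 2; }
  roles_ok "$bc_roles" || { echo "refusing: need Reader and Object Writer" >&2; return 3; }
  printf 'ibmcloud iam authorization-policy-create event-notifications cloud-object-storage "%s" --source-service-instance-id %s --target-service-instance-id %s\n' \
    "$bc_roles" "$1" "$2"
}

# Dry run by default: print the command for review. APPLY=1 executes it.
if [ -n "${EN_GUID:-}" ] && [ -n "${COS_GUID:-}" ]; then
  cmd=$(build_authz_cmd "$EN_GUID" "$COS_GUID") || exit 1
  echo "$cmd"
  if [ "${APPLY:-0}" = 1 ]; then
    ibmcloud iam authorization-policy-create event-notifications \
      cloud-object-storage "$REQUIRED_ROLES" \
      --source-service-instance-id "$EN_GUID" --target-service-instance-id "$COS_GUID"
  fi
fi
```

Run it with EN_GUID and COS_GUID set to the two instance GUIDs to review the command, then again with APPLY=1 to create the authorization.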

How to find the Bucket name in the IBM Cloud Object Storage service instance?

  1. Log in to your IBM Cloud account.

  2. Navigate to Resource List in the menu.

  3. Navigate to Storage in the Resource list.

  4. Click the name of your IBM Cloud Object Storage instance to display its IBM Cloud Object Storage console.

  5. In the IBM Cloud Object Storage console, navigate to Buckets.

  6. Select and copy the required Bucket name that needs to be used in the destination creation process. Use this copied Bucket name in the destination creation screen.

How to find the Endpoint URL of the IBM Cloud Object Storage service instance?

Endpoints are used with your credentials (Bucket name, API Key, SDK) to tell your service where to look for your bucket.

  1. Log in to your IBM Cloud account.

  2. Navigate to Resource List in the menu.

  3. Navigate to Storage in the Resource list.

  4. Click the name of your IBM Cloud Object Storage instance to display its IBM Cloud Object Storage console.

  5. In the IBM Cloud Object Storage console, navigate to Buckets in the menu.

  6. Click the required Bucket name to view the Bucket configuration details.

  7. Navigate to the Endpoints section and copy your public or private endpoints as required. Use this value as the Endpoint in the Configuring an IBM Cloud Object Storage destination section.

Testing an IBM Cloud Object Storage destination configuration

You can test an IBM Cloud Object Storage destination from the options menu provided against the destination. A single click checks whether the provided configuration is correct.

For more information on testing a destination, see here.