IBM Cloud Docs
Connecting to IBM Cloud Object Storage

Connecting to IBM Cloud Object Storage

Use the following information to learn how to connect to IBM Cloud® Object Storage from your virtual private cloud.

What is IBM Cloud Object Storage?

IBM Cloud Object Storage is a web-scale platform that stores unstructured data. It provides reliability, security, availability, and disaster recovery without replication.

Information that is stored with IBM Cloud Object Storage is encrypted and dispersed across multiple geographic locations. It is accessible through an implementation of the S3 API. This service uses the distributed storage technologies that are provided by the IBM Cloud® Object Storage System.

IBM Cloud Object Storage is available with three types of configurations for resiliency: Cross Region, Regional, and Single data center.

  • Cross Region service provides higher durability and availability than using a single region, at the cost of slightly higher latency. This service is available today in the US, E.U., and A.P. areas.
  • Regional service reverses the tradeoffs. It distributes objects across multiple availability zones within a single region. It is available in the US, E.U., and A.P. regions. If a region or zone is unavailable, the object store continues to function without impediment.
  • Single data center service distributes objects across multiple machines within the same physical location. Check this document regularly for available regions.

IBM Cloud Object Storage direct endpoints for use with VPC

To send a REST API request, you must set a target endpoint or a URL, and each IBM Cloud Object Storage location must have its own set of URLs. Direct endpoints provide your servers with high-speed, direct connections to IBM Cloud services, which incur no added bandwidth costs. With the IBM Cloud Object Storage direct endpoint, a VPC can connect to an Object Storage bucket located anywhere in the world.

You don't incur charges for traffic from your VPCs to all Object Storage endpoints that are listed in the following tables.

  • A VPC client also has access to the IBM Cloud Object Storage bucket over the public endpoint.
  • A VPC client has access to the IBM Cloud Object Storage configuration API over the public endpoint and direct endpoint. You can use the IBM Cloud Object Storage configuration API to configure some IBM Cloud Object Storage features on buckets, and to view bucket metadata.
  • A VPC client can access an IBM Cloud Object Storage bucket when context-based restrictions are in place by setting the network zone to the VPC ID. VPC clients can't access buckets that are restricted to using a traditional bucket firewall.

How to connect to IBM Cloud Object Storage from a VPC

  1. Provision an IBM Cloud Object Storage instance. For more information, see Getting started with IBM Cloud Object Storage.
  2. Create an IBM Cloud Object Storage bucket in one of the regions listed in the following section.
  3. Use the endpoint to communicate with your IBM Cloud Object Storage bucket.

Regional endpoints

Buckets that are created at a regional endpoint distribute data across three data centers, which are spread across a metropolitan area. Any one of these data centers can suffer an outage, or even destruction, without affecting availability.

Table 1. VPC regional endpoints for North and South America
This table displays the VPC Regional Endpoints.
Location Region Endpoint
US South (Dallas) us-south s3.direct.us-south.cloud-object-storage.appdomain.cloud
US East (Washington DC) us-east s3.direct.us-east.cloud-object-storage.appdomain.cloud
Brazil (São Paulo) br-sao s3.direct.br-sao.cloud-object-storage.appdomain.cloud
Canada (Toronto) ca-tor s3.direct.ca-tor.cloud-object-storage.appdomain.cloud
Table 1. VPC regional endpoints for Europe
This table displays the VPC Regional Endpoints.
Location Region Endpoint
United Kingdom (London) eu-gb s3.direct.eu-gb.cloud-object-storage.appdomain.cloud
EU Germany (Frankfurt) eu-de s3.direct.eu-de.cloud-object-storage.appdomain.cloud
Spain (Madrid) eu-es s3.direct.eu-es.cloud-object-storage.appdomain.cloud
Table 1. VPC regional endpoints for Asia Pacific
This table displays the VPC Regional Endpoints.
Location Region Endpoint
Japan (Tokyo) jp-tok s3.direct.jp-tok.cloud-object-storage.appdomain.cloud
Japan (Osaka) jp-osa s3.direct.jp-osa.cloud-object-storage.appdomain.cloud
Australia (Sydney) au-syd s3.direct.au-syd.cloud-object-storage.appdomain.cloud

Cross-region endpoints

Buckets that are created at a cross-region endpoint distribute data across three regions. Any one of these regions can suffer an outage or even destruction without affecting availability. Requests are routed to the nearest region's data center by using Border Gateway Protocol (BGP) routing.

If an outage occurs, requests are automatically rerouted to an active region. Advanced users who want to write their own failover logic can do so by sending requests to the specific region's endpoint and bypassing the BGP routing.

Table 2. Cross-region endpoints for the US
US cross-region access point Endpoint
US s3.direct.us.cloud-object-storage.appdomain.cloud
Dallas s3.direct.dal.us.cloud-object-storage.appdomain.cloud
San Jose s3.direct.sjc.us.cloud-object-storage.appdomain.cloud
Table 3. Cross-region endpoints for the EU
E.U. cross-region access point Endpoint
E.U. s3.direct.eu.cloud-object-storage.appdomain.cloud
Amsterdam s3.direct.ams.eu.cloud-object-storage.appdomain.cloud
Frankfurt s3.direct.fra.eu.cloud-object-storage.appdomain.cloud
Milan s3.direct.mil.eu.cloud-object-storage.appdomain.cloud
Table 4. Cross-region endpoints for Asia Pacific
Asia Pacific cross-region access point Endpoint
A.P. s3.direct.ap.cloud-object-storage.appdomain.cloud
Tokyo s3.direct.tok.ap.cloud-object-storage.appdomain.cloud
Seoul s3.direct.seo.ap.cloud-object-storage.appdomain.cloud
Hong Kong S.A.R. of the PRC s3.direct.hkg.ap.cloud-object-storage.appdomain.cloud

Single data center endpoints

Single data centers aren't colocated with IBM Cloud® services, such as IAM or Key Protect, and they offer no resiliency if a site has an outage or is destroyed.

If a networking failure results in a partition, such that the data center can't reach a core IBM Cloud® region for access to IAM, authorization information is read from a cache that might become stale. This action can result in a lack of enforcement of new or altered IAM policies for up to 24 hours.

Table 5. Single datacenter endpoints
Region access point Endpoint
Amsterdam, Netherlands s3.direct.ams03.cloud-object-storage.appdomain.cloud
Chennai, India s3.direct.che01.cloud-object-storage.appdomain.cloud
Hong Kong S.A.R. of the PRC s3.direct.hkg02.cloud-object-storage.appdomain.cloud
Melbourne, Australia s3.direct.mel01.cloud-object-storage.appdomain.cloud
Mexico City, Mexico s3.direct.mex01.cloud-object-storage.appdomain.cloud
Milan, Italy s3.direct.mil01.cloud-object-storage.appdomain.cloud
Montréal, Canada s3.direct.mon01.cloud-object-storage.appdomain.cloud
Oslo, Norway s3.direct.osl01.cloud-object-storage.appdomain.cloud
San Jose, US s3.direct.sjc04.cloud-object-storage.appdomain.cloud
São Paulo, Brazil s3.direct.sao01.cloud-object-storage.appdomain.cloud
Seoul, South Korea s3.direct.seo01.cloud-object-storage.appdomain.cloud
Toronto, Canada s3.direct.tor01.cloud-object-storage.appdomain.cloud