The page has been translated by Gen AI.

Access Control

If you set bucket access control to enabled, only resources that are allowed access can access the bucket. You can set it to allow access by entering a public IP or for resources created in the Samsung Cloud Platform Console.

Set up access control

You can set bucket access control to enabled.

Object Storage Follow the steps below to set up access control.

  1. All Services > Storage > Object Storage Click the menu. Go to the Service Home page.
  2. Click the Object Storage menu on the Service Home page. Navigate to the Object Storage list page.
  3. Click the resource (bucket) to set access control on the Object Storage List page. It navigates to the Object Storage Details page.
  4. Verify that Access Control is Unused on the Object Storage Details page.
  5. Click the Edit button if Access Control is Unused. The Edit Access Control popup opens.
  6. After checking Access Control Use, click the Confirm button. On the Object Storage Details page, Access Control will be changed to Use.
Notice
If you change the access control to use, you can set the access control for Public UP, service resources, and Cloud Functions services.
  1. Public IP, Register service resources to allow access, or set whether to use access control for the Cloud Functions service.
CategoryDetailed description
Public IP AllowAdd registered Public IP or CIDR
  • Example: 192.168.x.x, 192.168.x.x/24
Allow Service ResourcesSelect service resources created in the same Account/Region
  • Service: Service Name
    • Example: Virutal Server, GPU Server, Bare Metal Server, Multi-node GPU Cluster, VPC Endpoint, PostgreSQL, MariaDB, MySQL, EPAS, Microsoft SQL Server
  • Resource Name: Name of the service resource
Allow Cloud Functions serviceSetting whether to allow Object Storage access to modify Java Runtime code in Cloud Functions service
  • Allowed when set, Cloud Functions service can load Java Runtime executable files stored in Object Storage
Table. Access Control Items
Reference
If you modify the access permission, it may take up to 30 seconds for the changes to be completed.
Reference

South Korea (kr-south) region constraints

  • South Korea (kr-south) region does not provide Cloud Functions service, so the Cloud Functions Service Allowance feature cannot be used.

Allow Public IP Access

If bucket access control is set to enabled, you can add a public IP allowance.

Object Storage in to add Public IP access permission, follow the steps below.

  1. All Services > Storage > Object Storage Click the menu. Service Home page will be navigated to.
  2. Click the Object Storage menu on the Service Home page. Navigate to the Object Storage list page.
  3. Object Storage List page, click the resource (bucket) to set access control. Navigate to the Object Storage Details page.
  4. Object Storage Details page, check if access control is enabled.
    • If Access control is unused, click the Edit button, then in the Access control popup change access control to Enabled.
    • Only when access control is enabled, the Allow IP Access, Allow Service Resources, Allow Cloud Functions Service list is displayed.
  5. Public IP Allow in Edit click the button. Public IP Allow Edit The popup window opens.
  6. Enter the Public IP to allow access, and click the Add button.
    ColumnRequiredDetailed description
    Public IP AllowedRequiredEnter as a single IP or CIDR format (up to 150 entries)
    • 192.168.x.x (IP format)
    • 192.168.x.x/24 (CIDR format)
    Table. Public IP Allowance Edit Popup Input Items
  7. Check the items added to the list and press the Confirm button.
  8. Check the added Public IP in the Object Storage Details page’s Access Control > Allow Public IP list.
Reference
  • If you modify the Public IP allowance, it may take up to 30 seconds for the changes to be completed.
  • Public IPs are allowed up to a maximum of 150.

Allow access to service resources

If bucket access control is set to enabled, you can add service resources in the allowed service resources.

Object Storage Follow the steps below to allow access to service resources.

  1. Click the All Services > Storage > Object Storage menu. Go to the Service Home page.
  2. Service Home page, click the Object Storage menu. Navigate to the Object Storage list page.
  3. Object Storage List page, click the resource (bucket) to set access control. Object Storage Details page navigate.
  4. Object Storage Details on the page, check whether Access Control is enabled.
    • Access control is unused, click the Edit button, then in the Access control popup change access control to Enabled.
    • Only when access control is enabled, the IP access allowed, service resource allowed, Cloud Functions service allowed list is displayed.
  5. Click the Edit button in Allow Service Resources. The Select Service Resources popup opens.
Notice

  • The allowed criteria per service are as follows.

    • Virtual Server/GPU Server/Bare Metal Server/Multi-node GPU Cluster: Allowed per server
    • VPC Endpoint: Allow per VPC Endpoint
    • PostgreSQL, MariaDB, MySQL, EPAS, Microsoft SQL Server: Allowed per cluster

  • To access Object Storage from the server, the following tasks are required.

    1. Verify Object Storage IP via nslookup command on the server
    2. Register rule through Security Group or Firewall service and apply to server
      • Target address: Object Storage IP confirmed in ①
      • Direction : Outbound
      • Service : TCP 80, 443 (80 when using http / 443 when using https)
Caution

If each service’s status is as follows, permission and revocation of service resource access are possible. If it is not the following status, previously permitted service resources may also be affected.

  • Virtual Server/GPU Server: Build, Building, Networking, Scheduling, Block_Device_Mapping, Spawning, Deleting, Error and other statuses
  • Bare Metal Server/Multi-node GPU Cluster: Running, Starting, Stopping, Stopped
  • VPC Endpoint: Active
  • PostgreSQL/MariaDB/MySQL/EPAS/Microsoft SQL Server: Running
  1. Select the server to allow access, and press the Confirm button.
  2. Check the added server in the Object Storage Details page’s Access Control > Service Resource Allow list.
Reference
  • Modifying service resource permissions may take up to 30 seconds for changes to be completed.
  • Up to 150 service resources are allowed.

Cloud Functions Allow Service Access

If access control on the bucket is set to enabled, you can allow the Cloud Functions service to access Object Storage.

To allow access to the Cloud Functions service from Object Storage, follow these steps.

  1. All Services > Storage > Object Storage Click the menu. Service Home page will be displayed.
  2. Click the Object Storage menu on the Service Home page. You will be taken to the Object Storage list page.
  3. Object Storage List On the page, click the resource (bucket) to set access control. Object Storage Details Navigate to the page.
  4. Object Storage Details page, check if access control is enabled.
    • If Access Control is Disabled, click the Edit button, then in the Access Control popup change Access Control to Enabled.
    • Only when access control is enabled, the list of Allow IP Access, Allow Service Resources, Allow Cloud Functions Service is displayed.
  5. Click the Edit button in Cloud Functions Service Allow. The Cloud Functions Service Edit popup opens.
  6. After checking Allow, click the Confirm button.
Reference
  • When the access permission setting for the Cloud Functions service is completed, the Cloud Functions service can retrieve the Java Runtime executable stored in Object Storage.
  • For loading the Java Runtime executable in the Cloud Functions service, refer to Change Java Runtime code.
Reference

South Korea (kr-south) region constraints

  • The South Korea (kr-south) region does not provide Cloud Funtions service, so the Allow Cloud Functions Service feature cannot be used.
How-to guides
File and Folder Management