Access Control

If you set bucket access control to enabled, only resources that are permitted can access the bucket. You can enter a public IP or configure settings to allow access to resources created in the Samsung Cloud Platform Console.

Setting up Access Control

You can set the bucket’s access control to enabled.

Follow the steps below to configure access control settings in Object Storage.

  1. Click the All Services > Storage > Object Storage menu. You will be taken to the Service Home page.
  2. On the Service Home page, click the Object Storage menu. You will be taken to the Object Storage List page.
  3. On the Object Storage List page, click the resource (bucket) for which you want to set access control. You will be taken to the Object Storage Details page.
  4. On the Object Storage Details page, check whether access control is disabled.
  5. If access control is disabled, click the Edit button. The access control edit popup opens.
  6. After checking Use for access control, click the Confirm button. In the Object Storage Details page, access control will be set to Use.
Guide
If you change the access control to Enabled, you can configure the access control for Public IP, service resources, and Cloud Functions services.
  7. Register the Public IPs and service resources to be granted access, or configure whether to allow access for the Cloud Functions service.
    | Category | Detailed description |
    |---|---|
    | Allow public IP | Add registered Public IP or CIDR. Example: 192.168.x.x, 192.168.x.x/24 |
    | Allow service resources | Select service resources created in the same Account/Region. Service: service name (examples: Virtual Server, GPU Server, Bare Metal Server, Multi-node GPU Cluster, VPC Endpoint, PostgreSQL, MariaDB, MySQL, EPAS, Microsoft SQL Server). Resource name: name of the service resource |
    | Allow Cloud Functions service | Sets whether to allow Object Storage access to modify Java Runtime code in the Cloud Functions service. When set to Allow, the Cloud Functions service can retrieve Java Runtime executable files stored in Object Storage. |
    Table. Access Control Items
Reference
If you modify the access permission, it may take up to 30 seconds for the changes to be applied.
Reference

South Korea (kr-south) region constraints

  • The South Korea (kr-south) region does not provide the Cloud Functions service, so the Allow Cloud Functions Service feature cannot be used.

Allow public IP access

If the bucket’s access control is set to enabled, you can add a public IP allowance.

To add Public IP access permission in Object Storage, follow the steps below.

  1. Click the All Services > Storage > Object Storage menu. You will be taken to the Service Home page.
  2. On the Service Home page, click the Object Storage menu. You will be taken to the Object Storage List page.
  3. On the Object Storage List page, click the resource (bucket) for which you want to set access control. You will be taken to the Object Storage Details page.
  4. On the Object Storage Details page, verify that access control is enabled.
    • If Access Control is Disabled, click the Edit button, then change Access Control to Enabled in the Access Control popup.
    • When access control is enabled, only the Allow IP Access, Allow Service Resources, Allow Cloud Functions Service lists are displayed.
  5. Click the Edit button in Allow Public IP. The Edit Allow Public IP popup window opens.
  6. Enter the Public IP to allow access, and click the Add button.
    | Column | Required | Detailed description |
    |---|---|---|
    | Allow public IP | Required | Enter a single IP or CIDR format (up to 150 entries): 192.168.x.x (IP format), 192.168.x.x/24 (CIDR format) |
    Table. Public IP Allowance Edit Popup Input Fields
  7. Verify the items added to the list and click the Confirm button.
  8. Check the added Public IP in the Object Storage Details page’s Access Control > Allow Public IP list.
Reference
  • If you modify the public IP allowance, it may take up to 30 seconds for the changes to be applied.
  • A maximum of 150 public IPs are allowed.
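
A pre-check for a proposed Allow Public IP list, run before typing the entries into the popup. This is an added example, not Samsung Cloud Platform code; it assumes IPv4 only (the only format the page shows), and the `min_prefix` review threshold and the RFC 1918 check are local policy choices rather than platform rules.

```python
import ipaddress

MAX_ENTRIES = 150  # limit stated on this page
RFC1918 = [ipaddress.IPv4Network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def check_allowlist(entries, min_prefix=24):
    """Return (accepted, problems) for a proposed Allow Public IP list.

    min_prefix is an assumed local policy, not a platform rule: networks
    broader than /min_prefix are held back for review.
    """
    accepted, problems = [], []
    for raw in entries:
        text = raw.strip()
        try:
            # strict=True rejects CIDRs with host bits set, e.g. 203.0.113.7/24
            net = ipaddress.IPv4Network(text, strict=True)
        except ValueError as exc:
            problems.append((text, f"not a valid IPv4 address or CIDR: {exc}"))
            continue
        if net.prefixlen < min_prefix:
            problems.append((text, f"broader than /{min_prefix}, needs review"))
        elif any(net.subnet_of(p) for p in RFC1918):
            problems.append((text, "private RFC 1918 address, not a public IP"))
        elif any(net.subnet_of(a) for a in accepted):
            problems.append((text, "already covered by an earlier entry"))
        else:
            accepted.append(net)
    if len(accepted) > MAX_ENTRIES:
        problems.append(("<list>", f"{len(accepted)} entries, limit is {MAX_ENTRIES}"))
    # Render /32 networks as a bare IP, matching the page's "IP format"
    shown = [str(n.network_address) if n.prefixlen == 32 else str(n)
             for n in accepted]
    return shown, problems

# Constructed sample input using documentation ranges, not real addresses
SAMPLE = ["198.51.100.10", "203.0.113.0/24", "203.0.113.7/24", "203.0.113.42",
          "192.168.10.5", "0.0.0.0/0", "198.51.100.0/22"]

if __name__ == "__main__":
    ok, bad = check_allowlist(SAMPLE)
    print("enter in the console:", ok)
    for entry, reason in bad:
        print(f"held back {entry}: {reason}")
```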

Allow access to service resources

If access control is set to enabled on the bucket, you can add service resources in the service resource allowance.

To permit access to service resources in Object Storage, follow the steps below.

  1. Click the All Services > Storage > Object Storage menu. You will be taken to the Service Home page.
  2. On the Service Home page, click the Object Storage menu. You will be taken to the Object Storage List page.
  3. On the Object Storage List page, click the resource (bucket) for which you want to set access control. You will be taken to the Object Storage Details page.
  4. Verify that Access Control is enabled on the Object Storage Details page.
    • If Access Control is Disabled, click the Edit button, then change Access Control to Enabled in the Access Control popup.
    • When access control is enabled, only the Allow IP Access, Allow Service Resources, Allow Cloud Functions Service lists are displayed.
  5. Click the Edit button in Service Resource Allowance. The Service Resource Selection popup opens.
Guide
  • The permissible criteria for each service are as follows.

    • Virtual Server/GPU Server/Bare Metal Server/Multi-node GPU Cluster: Allowed per server
    • VPC Endpoint: Allow per VPC Endpoint
    • PostgreSQL, MariaDB, MySQL, EPAS, Microsoft SQL Server: Allowed per cluster
  • The following steps are required to access Object Storage from the server.

    1. Check the Object Storage IP on the server using the nslookup command
    2. Register a rule through the Security Group or Firewall service and apply it to the server.
      • Target address: Object Storage IP confirmed in ①
      • Direction: Outbound
      • Service: TCP 80, 443 (80 when using http / 443 when using https)
Caution

If each service’s status is as follows, granting and revoking access to service resources is possible. If the status is not as listed, previously granted service resources may also be affected.

  • Virtual Server/GPU Server: Build, Building, Networking, Scheduling, Block_Device_Mapping, Spawning, Deleting, Error and other states
  • Bare Metal Server/Multi-node GPU Cluster: Running, Starting, Stopping, Stopped
  • VPC Endpoint: Active
  • PostgreSQL/MariaDB/MySQL/EPAS/Microsoft SQL Server: Running
  6. Select the server to allow access, and click the Confirm button.
  7. Check the added server in the Object Storage Details page’s Access Control > Allow Service Resources list.
Reference
  • If you modify the service resource allowance, it may take up to 30 seconds for the changes to be applied.
  • Service resources are allowed up to a maximum of 150.
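
The server-side steps in the guide above (look up the Object Storage IP with nslookup, then register an outbound rule) can be turned into a rule list as follows. This is an added example, not Samsung Cloud Platform code; it assumes Linux-style nslookup output, and the hostname, addresses and rule field names are constructed placeholders.

```python
import re

PORTS = {"http": 80, "https": 443}  # service ports listed on this page

def resolved_addresses(nslookup_output):
    """Extract the answer addresses from nslookup output.

    The first 'Address' line names the DNS resolver itself, so only
    addresses that follow a 'Name:' line belong to the queried host.
    """
    answers, in_answer = [], False
    for line in nslookup_output.splitlines():
        line = line.strip()
        if line.startswith("Name:"):
            in_answer = True
            continue
        m = re.fullmatch(r"Address:\s*(\d{1,3}(?:\.\d{1,3}){3})", line)
        if in_answer and m and m.group(1) not in answers:
            answers.append(m.group(1))
    return answers

def egress_rules(nslookup_output, schemes=("https",)):
    """One outbound rule per resolved address and per scheme actually used.

    Opening only the port for the scheme in use keeps the rule set minimal.
    """
    return [{"target": ip, "direction": "Outbound",
             "protocol": "TCP", "port": PORTS[s]}
            for ip in resolved_addresses(nslookup_output) for s in schemes]

# Constructed nslookup output; hostname and addresses are placeholders
SAMPLE = """\
Server:\t\t10.0.0.2
Address:\t10.0.0.2#53

Non-authoritative answer:
Name:\tobject-storage.example.invalid
Address: 198.51.100.20
Name:\tobject-storage.example.invalid
Address: 198.51.100.21
"""

if __name__ == "__main__":
    for rule in egress_rules(SAMPLE):
        print(rule)
```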

Allow access to Cloud Functions service

If access control on the bucket is set to enabled, you can allow the Cloud Functions service to access Object Storage.

To allow the Cloud Functions service to access Object Storage, follow these steps.

  1. Click the All Services > Storage > Object Storage menu. You will be taken to the Service Home page.
  2. On the Service Home page, click the Object Storage menu. You will be taken to the Object Storage List page.
  3. On the Object Storage List page, click the resource (bucket) for which you want to set access control. You will be taken to the Object Storage Details page.
  4. On the Object Storage Details page, verify that access control is enabled.
    • If Access Control is Disabled, click the Edit button, then change Access Control to Enabled in the Access Control popup.
    • When access control is enabled, only the Allow IP Access, Allow Service Resources, Allow Cloud Functions Service lists are displayed.
  5. Under Enable Cloud Functions service, click the Edit button. The Edit Cloud Functions service popup opens.
  6. After checking Allow, click the Confirm button.
Reference
  • Once the access permission settings for the Cloud Functions service are completed, the Cloud Functions service can retrieve the Java Runtime executable stored in Object Storage.
  • In the Cloud Functions service, see Changing Java Runtime Code for how to load the Java Runtime executable.
Reference

South Korea (kr-south) region constraints

  • The South Korea (kr-south) region does not provide the Cloud Functions service, so the Allow Cloud Functions Service feature cannot be used.