Using the MinIO Client (S3)
With the MinIO client (mc) you can easily interact with your Object Storage. Here you will find practical examples of how to use the client for your bucket at storage.netways.cloud.
Prerequisites
- You have a User with an S3 key (Access Key and Secret Key).
- The MinIO client is installed on your system. If not, download it from min.io.
Configuring the MinIO Client
1. Create an alias
Create an alias for your NWS storage so you don't have to enter credentials each time:
Replace ACCESS_KEY and SECRET_KEY with your S3 credentials.
Basic Examples
1. List buckets
Show all buckets in your project:
2. Upload a file
Upload a local file to your bucket:
3. Show bucket contents
Show all files in a bucket:
4. Synchronize a directory
Synchronize a local directory with your bucket:
5. Download a file
Download a file from the bucket:
6. Delete files
Delete a file from the bucket:
7. Show file statistics
Show details of a file:
8. Create a public link
Create a temporary download link (valid for 24 hours):
9. Create a bucket
Basic commands for bucket policies
For managing public access (anonymous access) you must use the mc anonymous commands:
1. Show current policy
2. Set policy
Examples for common policy scenarios
Policy Types
The MinIO client supports the following predefined policy types:
private(no public access)download(read‑only)upload(write‑only)public(read and write)
1. Allow public read access
2. Allow public write access
3. Allow full public access
4. Remove all public access
Attention
This command usually returns the following error:
However the access is still restricted. Verify it with 1. Show current policy afterwards.5. Set policy for a specific prefix
JSON‑based policy management
1. Read JSON policy from bucket
2. Apply JSON policy to bucket
Examples for JSON policies
Example 1: Read access for specific IP ranges
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": "*",
"Action": ["s3:GetObject"],
"Resource": ["arn:aws:s3:::my-bucket/*"],
"Condition": {
"IpAddress": {"aws:SourceIp": ["192.0.2.0/24"]}
}
}
]
}
Example 2: Time‑limited access
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": "*",
"Action": ["s3:GetObject"],
"Resource": ["arn:aws:s3:::my-bucket/public/*"],
"Condition": {
"DateLessThan": {"aws:CurrentTime": "2023-12-31T23:59:59Z"}
}
}
]
}
Tips & Hints
Security notes
- Public write permissions (
uploadorpublic) should only be used in exceptional cases - Check policies regularly for necessity
- Combine policies with bucket quotas to limit unwanted usage
- Always validate JSON policies
- Test new policies first in non‑production environments
Incremental changes to policies
Debugging
Add the --debug flag to your commands to get detailed information if something does not work as expected.
Bucket Versioning
Enabling versioning
Versioning allows storing multiple versions of an object:
Working with versions
# List all versions of an object
mc ls --versions nws/my-bucket/path/file.txt
# Download a specific version
mc cp nws/my-bucket/path/file.txt --version-id VERSION_ID ~/target/
# Delete a version
mc rm nws/my-bucket/path/file.txt --version-id VERSION_ID
Disabling versioning
Object Lifecycle Management
Create lifecycle rules
Configure automatic deletion of objects:
1. Create a JSON configuration file (lifecycle.json):
{
"Rules": [
{
"ID": "AutoDeleteTempFiles",
"Status": "Enabled",
"Filter": {
"Prefix": "temp/"
},
"Expiration": {
"Days": 7
}
},
{
"ID": "DeleteOldLogs",
"Status": "Enabled",
"Filter": {
"Prefix": "logs/"
},
"Expiration": {
"Days": 30
}
}
]
}
2. Apply the rule:
Manage lifecycle rules
# List existing rules
mc ilm rule list nws/my-bucket
# Remove a rule
mc ilm rule remove nws/my-bucket --id "AutoDeleteTempFiles"
Alternative: Delete unversioned objects
{
"Rules": [
{
"ID": "ExpireNonCurrentVersions",
"Status": "Enabled",
"NoncurrentVersionExpiration": {
"NoncurrentDays": 90
}
}
]
}
Advanced expiration options
{
"Rules": [
{
"ID": "ExpireAtSpecificDate",
"Status": "Enabled",
"Filter": {
"Prefix": "project-archive/"
},
"Expiration": {
"Date": "2024-12-31T00:00:00Z"
}
}
]
}
Object Locking
Here you can learn more about Object Locking, Retention and Legal Hold.
Create bucket with Object Lock
Retention settings
# Set retention for an object
mc retention set governance 30d nws/locked-bucket/path/file.txt
# Query retention info
mc retention info nws/locked-bucket/path/file.txt
Legal Hold
# Enable legal hold
mc legalhold set nws/locked-bucket/path/file.txt
# Check status
mc legalhold info nws/locked-bucket/path/file.txt
Notes
Object Lock
- Once enabled, Object Lock cannot be disabled
- Retention periods can only be extended, not shortened
- Retention periods cannot currently be removed via “clear” (Ceph version Nautilus)
Lifecycle Management
- Rules are typically executed within 24 h
- Always test new rules with non‑critical data
Best Practices
- Combine versioning with lifecycle rules for automatic cleanup
- Use Object Lock for compliance‑critical data
- Document all lifecycle rules within the team