Using the s3cmd Client (S3)

With the s3cmd client you can easily interact with your Object Storage. Below you will find practical examples on how to use the client for your bucket at storage.netways.cloud.

Prerequisites

• You have a User with an S3 key (Access Key and Secret Key).
• The s3cmd client is installed on your system. If not, install it via your package manager or from s3tools.org.

Configuring the s3cmd Client

1. Create a configuration

Create a configuration for your NWS storage so you don’t have to enter credentials each time:

s3cmd --configure

Follow the prompts and enter your credentials:

• Access Key: ACCESS_KEY
• Secret Key: SECRET_KEY
• Region: default
• Endpoint: storage.netways.cloud
• DNS‑style template: %(bucket)s.storage.netways.cloud
• Use HTTPS: Y

Basic Examples

1. List buckets

Show all buckets in your project:

s3cmd ls

2. Upload a file

Upload a local file to your bucket:

s3cmd put ~/my-file.txt s3://my-bucket/

3. List bucket contents

Show all files in a bucket:

s3cmd ls s3://my-bucket/

4. Sync a directory

Synchronize a local directory with your bucket:

s3cmd sync ~/my-directory/ s3://my-bucket/backup/

5. Download a file

Download a file from the bucket:

s3cmd get s3://my-bucket/my-file.txt ~/Downloads/

6. Delete files

Delete a file from the bucket:

s3cmd del s3://my-bucket/my-file.txt

7. Show file statistics

Display details about a file:

s3cmd info s3://my-bucket/my-file.txt

8. Create a public link

Generate a temporary download link (valid for 1 hour by default):

s3cmd signurl s3://my-bucket/my-file.txt +3600

9. Create a bucket

s3cmd mb --bucket-location=":default-placement" s3://my-bucket2

Basic Commands for Bucket Policies

To manage public (anonymous) access you need to use the ACL commands:

1. Show current ACL

s3cmd info s3://my-bucket/

2. Set ACL

s3cmd setacl s3://my-bucket[/prefix] --acl-<POLICY>

Examples for Common ACL Scenarios

1. Allow public access

s3cmd setacl s3://my-bucket --acl-public

2. Allow public access for all files

s3cmd setacl s3://my-bucket --acl-public -r

3. Remove all public access

s3cmd setacl s3://my-bucket --acl-private -r
s3cmd setacl s3://my-bucket --acl-private

4. Set ACL for a specific prefix

s3cmd setacl s3://my-bucket/public/ --acl-public -r

JSON‑Based Policy Management

1. Apply a JSON policy to a bucket

s3cmd setpolicy policy.json s3://my-bucket

2. Read the current policy

s3cmd info s3://my-bucket

3. Delete the current policy

s3cmd delpolicy s3://my-bucket

Example JSON Policies

Example 1: Read access for specific IP ranges

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": "*",
      "Action": ["s3:GetObject"],
      "Resource": ["arn:aws:s3:::my-bucket/*"],
      "Condition": {
        "IpAddress": {"aws:SourceIp": ["192.0.2.0/24"]}
      }
    }
  ]
}

Example 2: Time‑limited access

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": "*",
      "Action": ["s3:GetObject"],
      "Resource": ["arn:aws:s3:::my-bucket/public/*"],
      "Condition": {
        "DateLessThan": {"aws:CurrentTime": "2023-12-31T23:59:59Z"}
      }
    }
  ]
}

Tips & Hints

Bucket Versioning

Enable versioning

s3cmd setversioning s3://my-bucket enable

Check versioning status

s3cmd info s3://my-bucket | grep Versioning

Suspend versioning

s3cmd setversioning s3://my-bucket disable

Object Lifecycle Management

Create lifecycle rules

Create an XML configuration file (lifecycle.xml):

<LifecycleConfiguration>
  <Rule>
    <ID>AutoDeleteTempFiles</ID>
    <Filter>
      <Prefix>temp/</Prefix>
    </Filter>
    <Status>Enabled</Status>
    <Expiration>
      <Days>7</Days>
    </Expiration>
  </Rule>
</LifecycleConfiguration>

Apply the rule:

s3cmd setlifecycle lifecycle.xml s3://my-bucket

Manage lifecycle rules

```bash

Show existing rules

s3cmd getlifecycle s3://my-bucket

Delete a rule

s3cmd dellifecycle s3://my-bucket