Permissions

Application Key Restrictions

Only Application Keys that are manually created in the Backblaze Web UI or via the Backblaze B2 Native API can be used to authenticate to the Backblaze S3 Compatible API.

The automatically created Master Application Key is not supported in the Backblaze S3 Compatible API.

If an Application Key is restricted to a bucket, the listAllBucketNames permission is required for compatibility with SDKs and integrations. The listAllBucketNames permission can be enabled upon creation in the web UI or using the b2_create_key API call. As a general rule, both the writeFiles and deleteFiles permissions should be associated with the key used for deleting files in the S3 Compatible API.

The Backblaze S3 Compatible API does not support unauthenticated ListObject calls on Public Buckets.

Support for Immutable Storage

If you want to use Immutable Storage, the following permissions are required:

s3:GetBucketObjectLockConfiguration - required to read the Object Lock configuration.

s3:GetBucketVersioning - required to read the versioning configuration.

Remember that the Immutable Storage configuration is available only when creating a new bucket - there is no option to enable Immutable Storage in an already existing bucket!

Retention and/or versioning enabled for the bucket may result in the storage of additional data. It is recommended that the retention in GitProtect be longer than the one set for storage. Otherwise, the storage may become overloaded!

Both permissions must be added to the Action section of the bucket policy. After the changes, the section must look like this:

"Action": [
    "s3:ListBucket",
    "s3:GetObject",
    "s3:PutObject",
    "s3:DeleteObject",
    "s3:GetBucketVersioning",
    "s3:GetBucketObjectLockConfiguration"
],

More details about how to create or edit a bucket policy are available in the Backblaze documentation: Adding a bucket policy
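The Action list above can be checked before the policy is applied. The following is an added example, not code from GitProtect or Backblaze: it reports which of the six listed actions a policy does not grant and which Allow patterns go beyond that list. It assumes the policy uses the usual S3 policy JSON layout (Statement, Effect, Action); the sample policy and the bucket name in it are constructed.

```python
import json
from fnmatch import fnmatchcase

# The six actions the page lists for the Action section.
REQUIRED = [
    "s3:ListBucket", "s3:GetObject", "s3:PutObject", "s3:DeleteObject",
    "s3:GetBucketVersioning", "s3:GetBucketObjectLockConfiguration",
]

def _as_list(value):
    """Policy fields may hold one item or a list of items."""
    if value is None:
        return []
    return list(value) if isinstance(value, list) else [value]

def audit(policy):
    """Return (missing, broader) for a policy dict.

    missing: required actions that no Allow statement grants.
    broader: Allow patterns outside the required set (wildcards, extras).
    Deny statements, Resource and Condition are not evaluated.
    """
    patterns = []
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") == "Allow":
            patterns += _as_list(stmt.get("Action"))
    missing = [a for a in REQUIRED
               if not any(fnmatchcase(a.lower(), p.lower()) for p in patterns)]
    wanted = {a.lower() for a in REQUIRED}
    broader = [p for p in patterns if p.lower() not in wanted]
    return missing, broader

# Constructed sample: a policy written before the two Immutable Storage
# actions were added. "example-bucket" is a placeholder name.
SAMPLE = json.loads("""
{
  "Statement": [{
    "Effect": "Allow",
    "Action": ["s3:ListBucket", "s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
    "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"]
  }]
}
""")

if __name__ == "__main__":
    missing, broader = audit(SAMPLE)
    print("missing:", missing)
    print("broader than needed:", broader)
```

A non-empty "broader" list (for example a `s3:*` pattern) means the policy grants more than the backup storage needs and is worth narrowing to the listed actions.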
