S3 compatible storage

Object Storage with AWS CLI

Use the public S3-compatible endpoint after creating a bucket and access key from the panel, API, or cdnctl.

Back to Platform Help

Prepare credentials

Create the bucket and access key first. The secret access key is shown once, so store it safely and never paste it into docs or tickets.

cdnctl object-storage buckets create --account <account_uuid> --name app-media
cdnctl object-storage access-keys create --account <account_uuid> --bucket <bucket_uuid>

Configure AWS CLI

Use the CDN.com.tr endpoint on every AWS CLI command. The checksum variables keep modern AWS CLI v2 compatible with the current CDN edge and RGW path.

aws configure --profile cdn-object-storage
export AWS_REQUEST_CHECKSUM_CALCULATION=when_required
export AWS_RESPONSE_CHECKSUM_VALIDATION=when_required
aws --profile cdn-object-storage --endpoint-url https://s3.cdn.com.tr s3api list-buckets

Object smoke test

Run a small write/read/delete test before pointing an application at the bucket.

echo "cdn smoke" > smoke.txt
aws --profile cdn-object-storage --endpoint-url https://s3.cdn.com.tr s3api put-object --bucket <bucket> --key smoke.txt --body ./smoke.txt
aws --profile cdn-object-storage --endpoint-url https://s3.cdn.com.tr s3api head-object --bucket <bucket> --key smoke.txt
aws --profile cdn-object-storage --endpoint-url https://s3.cdn.com.tr s3 cp s3://<bucket>/smoke.txt -
aws --profile cdn-object-storage --endpoint-url https://s3.cdn.com.tr s3api delete-object --bucket <bucket> --key smoke.txt

Troubleshooting

  • 403 usually means the access key, bucket ownership, policy, or signature scope does not match.
  • SignatureDoesNotMatch usually means the endpoint, region/profile, secret key, or command signing context is wrong.
  • If put-object works but head-object fails, verify bucket/key ownership and the CDN S3 passthrough route.
  • Use https://s3.cdn.com.tr as the public endpoint. Customers should not use internal RGW addresses.