Object Storage Roles
IAM roles are identities that can be assumed by users, applications, or services to access your Object Storage resources. Roles have associated policies that determine what actions can be performed.
List roles
Returns a list of available IAM roles by given {service_uuid}.
Request
curl -X GET https://api.upcloud.com/1.3/object-storage-2/0ab2f83f-03f3-4c48-9a38-0a3e89c6d024/roles \
-u your_username:your_password
Get role details
Returns role details by given {service_uuid} and {role_name}.
Request
curl -X GET https://api.upcloud.com/1.3/object-storage-2/0ab2f83f-03f3-4c48-9a38-0a3e89c6d024/roles/admin-role \
-u your_username:your_password
Create role
Creates a new IAM role.
Attributes
- Name
name- Type
- string
- Description
The name of the role. 1-64 characters.
- Name
assume_role_policy_document- Type
- string
- Description
The trust policy document that grants permission to assume the role.
- Name
max_session_duration- Type
- integer
- Description
Maximum session duration in seconds. Default: 3600.
Request
curl -X POST https://api.upcloud.com/1.3/object-storage-2/0ab2f83f-03f3-4c48-9a38-0a3e89c6d024/roles \
-u your_username:your_password \
-H "Content-Type: application/json" \
-d '{
"name": "app-role",
"assume_role_policy_document": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Action\":\"sts:AssumeRole\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"*\"}}]}",
"max_session_duration": 7200
}'
Update role
Updates an existing IAM role.
Attributes
- Name
max_session_duration- Type
- integer
- Description
Maximum session duration in seconds.
Request
curl -X PATCH https://api.upcloud.com/1.3/object-storage-2/0ab2f83f-03f3-4c48-9a38-0a3e89c6d024/roles/app-role \
-u your_username:your_password \
-H "Content-Type: application/json" \
-d '{
"max_session_duration": 14400
}'
Delete role
Deletes an IAM role by given {service_uuid} and {role_name}.
Request
curl -X DELETE https://api.upcloud.com/1.3/object-storage-2/0ab2f83f-03f3-4c48-9a38-0a3e89c6d024/roles/app-role \
-u your_username:your_password
Get role tags
Returns a role's tags by the given {service_uuid} and {role_name}.
Request
curl -X GET https://api.upcloud.com/1.3/object-storage-2/0ab2f83f-03f3-4c48-9a38-0a3e89c6d024/roles/admin-role/tags \
-u your_username:your_password
Replace role tags
Replaces a role's tags by the given {service_uuid} and {role_name}.
Request
curl -X PUT https://api.upcloud.com/1.3/object-storage-2/0ab2f83f-03f3-4c48-9a38-0a3e89c6d024/roles/admin-role/tags \
-u your_username:your_password \
-H "Content-Type: application/json" \
-d '{
"key": "environment",
"value": "staging"
}'
Delete role tags
Deletes a role's tag by the given {service_uuid}, {role_name}, and {tag_key}.
Request
curl -X DELETE https://api.upcloud.com/1.3/object-storage-2/0ab2f83f-03f3-4c48-9a38-0a3e89c6d024/roles/admin-role/tags/environment \
-u your_username:your_password
Assume role policy
Updates the assume role policy document for a role.
Attributes
- Name
assume_role_policy_document- Type
- string
- Description
The trust policy document that grants permission to assume the role.
Request
curl -X PUT https://api.upcloud.com/1.3/object-storage-2/0ab2f83f-03f3-4c48-9a38-0a3e89c6d024/roles/admin-role/assume-role-policy-document \
-u your_username:your_password \
-H "Content-Type: application/json" \
-d '{
"assume_role_policy_document": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Action\":\"sts:AssumeRole\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::123456789012:root\"}}]}"
}'