General

Last change on 2025-01-09 • Created on 2024-09-23 • ID: ST-EE9D8

What is Hetzner Cloud Object Storage?

With our S3-compatible Object Storage, you can save data in a self-contained environment called a "Bucket". You can set individual visibility settings for each Bucket.

Object Storage
  • Bucket A: Text file 1, Text file 2
  • Bucket B: Image file, Video file
  • Bucket C: Text file, Music file

  • Technical background:

    When you save data (e.g. a text document or music file), it is conceptualized as an object. Each object includes the following information:

    • Object key (unique identifier for the object)
    • Data (e.g. image or text document)
    • System metadata (e.g. file type, file size)
    • Custom metadata (key-value pairs set during the upload of the object to store any additional information)
    • Attributes (e.g. which users (keys) are allowed to download or delete the object)

    On the storage disk, the object is saved as a whole (along with its data, metadata and attributes) under its unique key (name).

    [Diagram: Storage Disk. Each object is stored under its object key as one unit of attributes, metadata and data; the rest is free disk space.]

    What is the difference between Buckets (object storage) and Cloud Volumes (block storage)?

    General differences:

    | Buckets | Cloud Volumes |
    |---|---|
    | Buckets offer storage space as a stand-alone product that customers can use independently of any other cloud resources. | Cloud Volumes are used to extend the storage space of a cloud server. |
    | You can access the data directly via the API or, if the Bucket is publicly visible, via a URL in the web browser. | The only way to access data from a Cloud Volume is to mount it to a server and access it from there. |
    | Since you need to access the data via the Internet, it inevitably comes with some latency, making it suitable for backups, database dumps, or logs. | Since the storage device is directly mounted to the server, it usually comes with very low latency, making it suitable for real-time databases and applications with high latency sensitivity. |
    | The storage space is not limited by the size of a storage device and therefore offers high flexibility to scale up or down at any time. | If you need more storage space, you need to resize and reformat the block storage device, which can be a tedious task. |
    | Primary purpose: Write once, read many (WORM) | Primary purpose: Edit, move, or delete files however you need. |
    | Objects are immutable, which means it is not possible to modify an object. To "update" a file, you need to upload the new version. This will create a new object and automatically delete the old object. | You can open existing files with a text editor like nano or vi and edit the file directly. |
    | A Bucket can only hold a list of files. You cannot add directories or subdirectories. To get a hierarchical structure, you would need to name the files accordingly, e.g. music/example.mp3. | You can save your files in different directories and subdirectories however you need. |

    Technical differences:

    • With object storage, data is saved as an entire object. It is not possible to modify an object. For any changes, a new object is created.
    • With block storage, data is split into multiple fixed-sized blocks that are saved separately. When you access your data, it is first "reassembled". When you modify data, the file system updates the specific blocks as needed.

    Is Object Storage exclusively managed via the Hetzner S3 API?

    The following is managed via our Cloud Console and NOT via the S3 API:

    • Create S3 credentials
    • Add protected label to Buckets

    For everything else, meaning everything Bucket and object related, you should use our Hetzner S3 API.

    Is Object Storage available in all Cloud locations?

    No, Object Storage is currently only available in our European locations, which are:

    • Nuremberg
    • Falkenstein
    • Helsinki

    What location is data stored in?

    The entire data of a Bucket is stored in the location you selected. In that location, the data is stored in a single data center. The power and network infrastructure is designed with built-in redundancy for high availability.

    What kind of redundancy does Object Storage offer? How resilient is the product to failures?

    Each uploaded data object is divided into chunks, which are distributed across multiple servers within the cluster. Using erasure coding, the system can ensure data integrity even if up to three storage servers fail.

    As always, each of our products can only be one part of a secure backup strategy.

    Do you perform any kind of encryption? How secure is my data?

    There is no default data-at-rest encryption of objects, but you can encrypt your data during the upload using SSE-C. This is explained in the how-to guide "Encrypting data with SSE-C". Replaced disk drives are physically destroyed on site and never leave our premises in a recoverable form that would allow data to be reconstructed.
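What an SSE-C request has to carry, as an added example that is not taken from Hetzner's how-to guide: it assumes the API follows the Amazon S3 SSE-C header convention, and the endpoint URL and the `preflight` helper are hypothetical.

```python
import base64
import hashlib
import os
from urllib.parse import urlsplit

PREFIX = "x-amz-server-side-encryption-customer-"


def sse_c_headers(key: bytes) -> dict:
    """Build the three SSE-C request headers for a raw 256-bit key."""
    if len(key) != 32:
        raise ValueError("SSE-C needs a 32-byte (256-bit) key")
    return {
        PREFIX + "algorithm": "AES256",
        PREFIX + "key": base64.b64encode(key).decode(),
        # MD5 of the raw key bytes (not of the base64 text), then base64.
        PREFIX + "key-MD5": base64.b64encode(hashlib.md5(key).digest()).decode(),
    }


def preflight(url: str, headers: dict) -> list:
    """Client-side checks for the usual SSE-C mistakes before a request is sent."""
    problems = []
    if urlsplit(url).scheme != "https":
        problems.append("key would travel in cleartext: use https")
    if headers.get(PREFIX + "algorithm") != "AES256":
        problems.append("algorithm must be AES256")
    try:
        key = base64.b64decode(headers.get(PREFIX + "key", ""), validate=True)
    except ValueError:
        key = b""
    if len(key) != 32:
        problems.append("key must decode to 32 bytes")
    expected = base64.b64encode(hashlib.md5(key).digest()).decode()
    if headers.get(PREFIX + "key-MD5") != expected:
        problems.append("key-MD5 does not match key")
    return problems


if __name__ == "__main__":
    key = os.urandom(32)  # store it safely: the same key is needed for every download
    # Placeholder endpoint (assumption), not a real Object Storage URL.
    print(preflight("https://objectstorage.example/bucket/object", sse_c_headers(key)))
```
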

    Why do the total file count and total size in Cloud Console not update right after changes?

    These Bucket statistics are not calculated in real-time. It can take up to 15-20 minutes for these values to be updated.

    Why are the total file count and total size in the Bucket overview higher than what is visible in the object overview?

    The total file count includes all objects that utilize storage. There are two special cases that utilize storage but are not listed in the object overview, which are:

    • Previous versions of objects

    • Objects from multipart uploads (see Amazon S3 documentation) that are either still in progress or have been aborted

      You can automatically delete leftover objects from aborted multipart uploads with lifecycle policies (see this FAQ entry).

    If you suspect that the total file count is too high, we recommend checking the Bucket for any "invisible objects".

    # List all versions
    mc ls --versions <alias_name>/<bucket_name>
    aws s3api list-object-versions --bucket <bucket_name>
    
    # List ongoing or aborted multipart uploads
    mc ls --incomplete <alias_name>/<bucket_name>
    aws s3api list-multipart-uploads --bucket <bucket_name>

    The total size represents the total storage used. This includes:

    • All visible objects
    • All "invisible" objects

    Billing is based on the total size. Note that billing also takes metadata into account, as it consumes storage as well.
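To put numbers on the "invisible objects" described above, this added example (not part of the original documentation) summarizes the JSON printed by the two `aws s3api` commands; the sample listings are constructed, and `summarize` and the 7-day threshold are assumptions.

```python
import json
from datetime import datetime, timezone

# Constructed sample in the shape printed by `aws s3api list-object-versions`.
VERSIONS = json.loads("""{
 "Versions": [
  {"Key": "logs/app.log", "VersionId": "v3", "IsLatest": true, "Size": 2048},
  {"Key": "logs/app.log", "VersionId": "v2", "IsLatest": false, "Size": 1024},
  {"Key": "logs/app.log", "VersionId": "v1", "IsLatest": false, "Size": 512},
  {"Key": "report.pdf", "VersionId": "v1", "IsLatest": false, "Size": 4096},
  {"Key": "music/example.mp3", "VersionId": "v1", "IsLatest": true, "Size": 8192}],
 "DeleteMarkers": [
  {"Key": "report.pdf", "VersionId": "v2", "IsLatest": true}]}""")

# Constructed sample in the shape printed by `aws s3api list-multipart-uploads`.
UPLOADS = json.loads("""{
 "Uploads": [
  {"Key": "backups/db.dump", "UploadId": "upload-1", "Initiated": "2025-01-01T00:00:00+00:00"},
  {"Key": "video/big.mov", "UploadId": "upload-2", "Initiated": "2025-01-08T12:00:00+00:00"}]}""")


def summarize(versions, uploads, now, stale_days=7):
    """Split storage into visible and "invisible" parts and flag old multipart uploads."""
    entries = versions.get("Versions", [])
    current = [v for v in entries if v["IsLatest"]]
    # Noncurrent versions still occupy storage, including versions of keys whose
    # latest entry is a delete marker (the key looks deleted, the data is not).
    noncurrent = [v for v in entries if not v["IsLatest"]]
    deleted_keys = {m["Key"] for m in versions.get("DeleteMarkers", []) if m["IsLatest"]}
    stale = []
    for u in uploads.get("Uploads", []):
        started = datetime.fromisoformat(u["Initiated"].replace("Z", "+00:00"))
        if (now - started).days >= stale_days:
            stale.append((u["Key"], u["UploadId"]))
    return {
        "visible_objects": len(current),
        "visible_bytes": sum(v["Size"] for v in current),
        "hidden_versions": len(noncurrent),
        "hidden_bytes": sum(v["Size"] for v in noncurrent),
        "deleted_but_stored": sorted(k for k in deleted_keys
                                     if any(v["Key"] == k for v in noncurrent)),
        # The uploads listing carries no sizes; parts need `list-parts` per upload.
        "stale_uploads": stale,
    }


if __name__ == "__main__":
    now = datetime(2025, 1, 9, 12, 0, tzinfo=timezone.utc)
    print(json.dumps(summarize(VERSIONS, UPLOADS, now), indent=1))
```

The `deleted_but_stored` entry matters beyond billing: data under a key that appears deleted is still retrievable by version ID until the old versions are removed.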

    What configuration and security features are currently supported?

    | Feature | Supported |
    |---|---|
    | AWS Signature version | Version 4 algorithm |
    | Storage classes | Standard |
    | Server-Side Encryption (SSE) | SSE-C (see this how-to guide) |

    What TLS protocols and cipher suites are currently supported by the API?

    | Protocols | Cipher suites |
    |---|---|
    | TLS 1.3 | TLS_AES_128_GCM_SHA256, TLS_AES_256_GCM_SHA384, TLS_CHACHA20_POLY1305_SHA256 |
    | TLS 1.2 (Support will end soon*) | ECDHE-ECDSA-AES128-GCM-SHA256, ECDHE-ECDSA-AES256-GCM-SHA384, ECDHE-ECDSA-CHACHA20-POLY1305 |

    *TLS version 1.2 is deprecated and we will discontinue support for it in the near future. Please upgrade your applications to TLS version 1.3 as soon as possible.

    Do you recognize or reward customers for developing open-source projects that support Hetzner Object Storage?

    Yes! We believe that if someone else has already developed a solution, other developers should be able to benefit from that work too. For this reason, you can find a list of libraries created by fellow developers here: developers.hetzner.com/cloud

    If you are developing an open-source project that supports or intends to add support for our S3-compatible Object Storage, you may be eligible for a free one-time credit of up to €50 on your account. Please contact us via the support page on your Cloud Console and let us know the following:

    • The name of the project you are working on
    • A short description of the project
    • Link to the project website or repo where the project is hosted
    • Affiliation with / role in the project (e.g. project maintainer)
    • Link to some other open-source work you have already done (if you have done so)

    Where can I report issues?

    For issues with our Object Storage product, you can submit support tickets via Cloud Console. Note that we do not provide support for configuring individual applications. If you wish to report an error or problem with our product, please include the following information so that we can investigate your issue as efficiently as possible:

    • For Cloud Console issues: a screenshot of the page in question.
    • For problems with applications or CLI tools such as s3cmd, mc, etc.: an excerpt from the debug output with meaningful error messages, possibly log file entries that could help us to narrow down the error.
    • For issues with specific Buckets: the Bucket ID (not the name!) — you can obtain this via the URL on Cloud Console: click on "Object Storage" in your project and then the name of the Bucket so that the Bucket overview appears. The URL in the address bar of the browser contains the Bucket ID:
      https://console.hetzner.cloud/projects/<project-id>/buckets/<bucket-id>/overview
    • To report bandwidth or latency issues: the output of mtr or traceroute from the S3 client to visualize the routes that IP traffic takes to the Object Storage. You can also try to measure download speeds using tools such as curl or wget by downloading one of the test files hosted at https://fsn1-speed.hetzner.com/.
    • For test API requests that reproduce the issue: log entries with timestamp (including time zone), source IP, full request URI, HTTP status code, and possibly response time.

    Where can I discuss general questions?

    You can discuss general questions and content related to our Object Storage in this dedicated forum:

    Please do not share any personal data. When you share screenshots, please anonymize personal data such as your customer number in advance.

    For security reasons, never post access keys or secret keys!
