Prerequisite Concepts
Bucket or S3-based cloud storage is a powerful service for storing and retrieving any type of data, from website files to backups, software outputs, and cloud assets.
Unlike models such as File Storage (hierarchical storage like Windows Explorer) or Block Storage (dividing data into small, high-speed blocks), S3 storage stores data as objects. This model offers the advantages of both previous models along with unique capabilities.
Each object includes the main data plus metadata with unique identifiers that enable categorization and faster access, whether for developers or automated systems.
Objects
Resources in buckets are stored as objects. The difference between objects and files is that objects have metadata. Metadata helps us with better management and categorization of objects. Each object, upon creation (such as uploading a file, creating a new folder, etc.), has metadata assigned by the system. Additionally, it includes other metadata such as creation time, etc. Another type of metadata is assigned by users as tags.
Metadata
System metadata and user metadata are the two types of metadata assigned to each object in the cloud storage system. System metadata (e.g., Last-Modified, Content-Type, ETag, ID, etc.) is determined automatically during creation or upload, while user metadata is assigned as tags with a key and value based on needs. This information can be used for better categorization and management of objects.
System Metadata
This information is unique and automatically generated by the system for control purposes. It can be used by the user.
Tag
Tags are key-value pairs used for categorization, identification, organization of buckets, and managing bucket access.
The maximum number of tags per resource is 50.
Within a resource, each tag key is unique, and each key holds exactly one value.
Some example tag Key: Value pairs with descriptions:
Key | Value | Tag Naming Description
---|---|---
Environment | Production | Managing information related to development environments
BusinessUnit | Marketing | Data related to the marketing business unit
Department | 234 | Information related to departments and department number 234
Data Center or Location
Data centers are the physical locations where hardware is stored.
Kubit lets you store your data in either of two data centers located in distinct places. If access to one location is interrupted, the other location can continue to be used without disruption.
To create a new space, you first need to select a location. The data centers include:
- Navid Data Center
- Azadi Data Center
Space
Space in Kubit is a logical and independent entity for managing storage resources, corresponding to an S3 User. This means each space has an account (Access Key/Secret Key) in an object storage system like MinIO or Amazon S3.
- This S3 User has specific permissions and access to buckets.
- Each space can contain multiple buckets, all of which are owned and managed by that specific space.
- Spaces are designed to enable data type separation, access restriction, and resource consumption control.
Important Technical Notes
- When creating a space in Kubit, an S3 User with a unique AccessKey/SecretKey is created in the background.
- All upload and download requests are made through these keys.
- Access level management is done through the Account Services section.
Bucket
A bucket is the storage location for objects and is defined as a subset of a space. Unlike a space, which is flat (it has no nested folder structure), a bucket allows hierarchical data organization. Within each bucket, nested folders can be created, and various data can be stored in a structured manner.
File management in buckets is similar to traditional file systems (like Windows or Linux) but with the advantages of an object-oriented model. Using tags, files can be placed in different categories, which is very useful for complex scenarios and advanced search and filtering needs.
Creating spaces and buckets can only be done through the Kubit panel.
Service Account
A service account is created to specify the public access level for users. This feature allows you to define various access levels for organizational users and easily implement and manage role-based access control (RBAC) policies.
Bucket Policy
A Policy is a set of rules that specifies which account can perform which operations on which resources. These policies are typically defined in JSON or YAML structures and include the following:
- Effect: Allow or Deny
- Action: e.g., s3:GetObject, s3:PutObject, s3:ListBucket
- Resource: e.g., bucket-name/* or bucket-name/folder/*
Policies determine who can access resources and in what manner.
Public Access (Access Point)
Enabling public access allows bucket objects to be listed and downloaded outside the panel, for example via an S3 browser, a web browser, or an SDK.
To give an account access to a bucket:
- A Service Account is created.
- One or more Policies are attached to it.
- The policies determine which buckets this account may access and which operations it may perform (e.g., read-only or read and write).
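The following is an added example, not Kubit's own code or policy format. It models the Effect/Action/Resource rules described above as a small policy evaluator and builds the minimal read-only policy a public access point needs; the policy contents, bucket name and paths are constructed, and it assumes (as in AWS and MinIO) that an explicit Deny always overrides an Allow and that anything not allowed is denied.

```python
import fnmatch

# Constructed example policy (not from Kubit's documentation): a service
# account that may list and read everything in "bucket-name", write only
# under "uploads/", and is explicitly denied any access to "secrets/".
POLICY = {
    "Statement": [
        {"Effect": "Allow",
         "Action": ["s3:ListBucket", "s3:GetObject"],
         "Resource": ["bucket-name", "bucket-name/*"]},
        {"Effect": "Allow",
         "Action": ["s3:PutObject"],
         "Resource": ["bucket-name/uploads/*"]},
        {"Effect": "Deny",
         "Action": ["s3:*"],
         "Resource": ["bucket-name/secrets/*"]},
    ]
}


def _matches(patterns, value):
    """True if value matches any pattern; '*' is a wildcard (matches '/' too)."""
    return any(fnmatch.fnmatchcase(value, p) for p in patterns)


def is_allowed(policy, action, resource):
    """Evaluate one request: default deny, and an explicit Deny beats any Allow.
    (Assumed evaluation order, modelled on AWS/MinIO semantics.)"""
    allowed = False
    for stmt in policy["Statement"]:
        if not _matches(stmt["Action"], action):
            continue
        if not _matches(stmt["Resource"], resource):
            continue
        if stmt["Effect"] == "Deny":
            return False          # deny wins immediately
        if stmt["Effect"] == "Allow":
            allowed = True        # keep scanning in case a Deny follows
    return allowed


def public_readonly_policy(bucket):
    """Build the minimal policy for a public access point: list and read only,
    no write or delete actions, scoped to a single bucket."""
    return {"Statement": [{"Effect": "Allow",
                           "Action": ["s3:ListBucket", "s3:GetObject"],
                           "Resource": [bucket, f"{bucket}/*"]}]}
```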
Versioning (Version Management)
This feature allows you to maintain a history of different versions of an object (file, folder, etc.). When enabled, each time a file is modified or deleted, the previous version remains in the system. This is very useful for preventing unintended deletions or changes by users, restoring previous versions, and more precise data management.