Creating a Private Endpoint in Object Storage
Create a private endpoint to reach Object Storage using a private IP address within your VCN without accessing the public internet.
Use the oci os private-endpoint create command and required parameters to create a private endpoint in Object Storage:
oci os private-endpoint create --name name --compartment-id compartment_ocid --subnet-id subnet_ocid --prefix prefix --access-targets access_targets [OPTIONS]
where the following variables apply:
- prefix is the DNS prefix of the private endpoint.
- access_targets are listed in JSON format. Separate each access target with a comma (",").
For example:
oci os private-endpoint create --compartment-id ocid1.tenancy.oc1..exampleuniqueID --subnet-id ocid1.subnet.region1.sea..exampleuniqueID --name pe1 --prefix pe1 --access-targets '[{"namespace":"MyNamespace", "compartmentId":"*", "bucket":"*"}]'
{
  "opc-work-request-id": "99f4f963-cf65-49c4-8923-4e5210742105"
}
If you have several access targets, the command and its output appear like this:
oci os private-endpoint create --compartment-id ocid1.tenancy.oc1..exampleuniqueID --subnet-id ocid1.subnet.region1.sea..exampleuniqueID --name pe1 --prefix pe1 --access-targets '[{"namespace":"MyNamespace", "compartmentId":"*", "bucket":"*"}, {"namespace":"MyNamespace2", "compartmentId":"*", "bucket":"*"}]'
{
  "opc-work-request-id": "1f270b21-473e-4adf-8d13-5a35e8240d1e"
}
For a complete list of parameters and values for CLI commands, see the CLI Command Reference.
Run the following API operation:
POST n/object_storage_namespace/pe/
These are the available payload properties:
- name: The name of the private endpoint.
- compartmentId: The ID of the compartment in which the private endpoint is created.
- subnetId: The OCID of the customer's subnet where the private endpoint VNIC resides.
- prefix: The DNS prefix to use for the private endpoint FQDN in the VCN's private DNS zone.
- accessTargets: A list of targets that can be accessed by the private endpoint.
- additionalPrefixes (optional): A list of more DNS prefixes that you can provide.
- privateEndpointIp (optional): The private IP address to assign to this private endpoint, if it's available. An error is returned if the IP address is unavailable.
- nsgIds (optional): A list of the OCIDs of the network security groups (NSGs) to add the private endpoint's VNIC to.
- freeformTags (optional): Free-form tags for this resource.
- definedTags (optional): Defined tags for this resource.
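Added example (not from the Oracle documentation): a Python pre-flight check for the create payload that enforces the required and optional property names listed above and flags "*" access targets for review before the value is passed to --access-targets or sent in the POST body. It assumes every access target carries the three keys shown in the page's examples and that "*" matches everything at that level; the second sample target's compartment OCID and bucket name are constructed placeholders.

```python
import json

# Property names as listed on this page.
REQUIRED = ("name", "compartmentId", "subnetId", "prefix", "accessTargets")
OPTIONAL = ("additionalPrefixes", "privateEndpointIp", "nsgIds",
            "freeformTags", "definedTags")
TARGET_KEYS = ("namespace", "compartmentId", "bucket")

def check_payload(payload):
    """Return (errors, warnings) for a private endpoint create payload."""
    errors, warnings = [], []
    for key in REQUIRED:
        if not payload.get(key):
            errors.append(f"missing required property: {key}")
    for key in payload:
        if key not in REQUIRED + OPTIONAL:
            errors.append(f"unknown property: {key}")
    targets = payload.get("accessTargets") or []
    if not isinstance(targets, list):
        return errors + ["accessTargets must be a JSON list"], warnings
    for i, target in enumerate(targets):
        if not isinstance(target, dict):
            errors.append(f"accessTargets[{i}] must be a JSON object")
            continue
        for key in TARGET_KEYS:
            value = target.get(key)
            if not isinstance(value, str) or not value:
                errors.append(f"accessTargets[{i}].{key} must be a non-empty string")
            elif value == "*":
                # Assumption: "*" matches everything at that level.
                warnings.append(f"accessTargets[{i}].{key} is a wildcard")
        extra = sorted(set(target) - set(TARGET_KEYS))
        if extra:
            errors.append(f"accessTargets[{i}] has unexpected keys: {extra}")
    return errors, warnings

def cli_access_targets(payload):
    """Serialize accessTargets as the JSON string for --access-targets."""
    return json.dumps(payload["accessTargets"])

# Constructed sample; the compartment OCID and bucket name are placeholders.
SAMPLE = {
    "name": "pe1", "prefix": "pe1",
    "compartmentId": "ocid1.tenancy.oc1..exampleuniqueID",
    "subnetId": "ocid1.subnet.region1.sea..exampleuniqueID",
    "accessTargets": [
        {"namespace": "MyNamespace", "compartmentId": "*", "bucket": "*"},
        {"namespace": "MyNamespace2", "bucket": "audit-logs",
         "compartmentId": "ocid1.compartment.oc1..exampleuniqueID"}]}
print(check_payload(SAMPLE), cli_access_targets(SAMPLE))
```

Treat each warning as a prompt to replace the wildcard with a specific compartment or bucket where the workload allows it.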