Oracle Cloud Object Storage Tutorial: Architecture, Pricing, Use Cases, and Hands-On Guide for Storage

1. Introduction

Oracle Cloud Object Storage is Oracle Cloud Infrastructure (OCI)’s managed, durable, and scalable Storage service for storing and retrieving unstructured data—such as images, videos, backups, logs, data lake files, and application artifacts—using a bucket-and-object model.

In simple terms: you create a bucket, upload objects (files) into it, and then access those objects over HTTPS using the OCI Console, CLI, SDKs, or REST APIs. Object Storage is designed for high durability and internet-scale access patterns without needing to manage disks, file servers, or capacity planning like traditional storage.

Technically, OCI Object Storage is a regional service that exposes API-driven storage primitives (namespaces, buckets, objects) with policy-based access control (IAM), server-side encryption, lifecycle automation (archive/delete), and integrations across OCI (Events, Logging, Monitoring, Vault/KMS, Service Gateway). It is commonly used as the default landing zone for data pipelines, application assets, and backup/restore workflows.

What problem it solves: it provides a cost-effective, highly durable, operationally simple way to store massive amounts of unstructured data while supporting secure access, automation, and integration with cloud-native compute and data services.

Service name status: The official service name is Object Storage in Oracle Cloud (OCI). It is an active core OCI service. Always verify the latest feature set and limits in the official documentation: https://docs.oracle.com/en-us/iaas/Content/Object/home.htm

2. What is Object Storage?

Official purpose (OCI): Object Storage provides durable, scalable storage for unstructured data, organized into buckets, accessible through REST APIs, CLI, SDKs, and the OCI Console.

Core capabilities

Store and retrieve unstructured objects (files/blobs) at scale
Organize objects in buckets (flat namespace; “folders” are typically prefixes in object names)
Control access using OCI IAM policies and optional pre-authenticated requests
Automate data movement and retention with lifecycle policies (for example, archive or delete)
Encrypt data at rest (server-side) and support customer-managed keys via OCI Vault (verify regional availability in docs)
Integrate with OCI services for events, logging/audit, monitoring, and private network access

Major components (OCI terminology)

Tenancy: your OCI account boundary
Region: Object Storage is regional
Namespace: a tenancy-scoped identifier for Object Storage (unique per tenancy)
Compartment: logical isolation boundary for resources and IAM policies
Bucket: a container for objects, created in a compartment within a region
Object: the stored data (plus metadata) inside a bucket
Pre-authenticated request (PAR): time-bound URL for access without OCI credentials (scoped to a bucket/object/prefix)
Lifecycle policy: rules to automatically transition or delete objects over time
Replication: policies to replicate bucket content to another region (verify current replication capabilities and constraints in docs)

Service type

Managed cloud object storage service (API-based, not a file system, not a block device)

Scope: regional vs. global

Buckets and objects are regional resources.
The namespace is associated with your tenancy and used in Object Storage endpoints; it is not the same as a region.

How it fits into the Oracle Cloud ecosystem

Object Storage is a foundational OCI Storage service used by: – Compute (instances reading/writing artifacts, logs, backups) – Container Engine for Kubernetes (OKE) (images/artifacts/log exports, application assets) – Functions (event-driven processing of uploaded files) – Data and analytics services (data lake landing zone) – Backup/DR patterns (snapshots and exports—implementation varies by service)

Official docs hub: https://docs.oracle.com/en-us/iaas/Content/Object/home.htm

3. Why use Object Storage?

Business reasons

Lower operational overhead than managing file servers or scale-out NAS
Elastic capacity: store from MBs to very large datasets without pre-provisioning
Cost alignment: pay primarily for what you store and transfer; lifecycle policies can reduce long-term storage costs (pricing is region-dependent)

Technical reasons

API-driven storage for modern applications and automation
Supports large-scale, parallel uploads/downloads (multipart patterns; verify object size/part limits in service limits)
Works well for immutable artifacts (build outputs, backups, logs) and content delivery patterns

Operational reasons

Simple primitives (bucket/object) with strong IAM integration
Built-in lifecycle automation reduces manual operations
Integrates with Monitoring, Events, and Audit for operational visibility

Security/compliance reasons

Server-side encryption at rest
Tight access control using IAM policies and compartments
Auditability via OCI Audit logs (for API calls)
Options like retention controls may support governance needs (verify exact retention features in current docs)

Scalability/performance reasons

Designed for high concurrency and large object counts
Easy to integrate with private network access (for example, Service Gateway) to avoid public internet routing from OCI VCNs

When teams should choose Object Storage

Choose OCI Object Storage when you need: – Unstructured data storage (media, logs, backups, datasets) – A durable “data lake” landing zone – Artifact storage for CI/CD pipelines – Event-driven processing of new files – Low-touch archival using lifecycle rules

When teams should not choose it

Avoid (or complement with other Storage services) when you need: – POSIX file system semantics (use OCI File Storage) – Low-latency block device semantics for databases (use OCI Block Volumes) – Frequent in-place modifications inside large files (object storage is best for write-once/read-many patterns) – Strict on-prem SMB/NFS workflows without refactoring (consider File Storage or a gateway pattern)

4. Where is Object Storage used?

Industries

Media and entertainment (video assets, transcoding pipelines)
SaaS and web platforms (static assets, user uploads)
Finance and insurance (audit archives, reports, data retention)
Healthcare and life sciences (imaging, research datasets; compliance-driven retention)
Retail and e-commerce (product images, clickstream logs)
Manufacturing/IoT (device telemetry archives)
Education (course content, research storage)

Team types

Platform engineering teams building shared storage foundations
DevOps/SRE teams managing artifact storage and backups
Data engineering teams building ingestion and lakehouse pipelines
Security/compliance teams implementing retention and access governance
Application teams storing user-generated content (UGC)

Workloads

Backup and restore repositories (app-level backups, export files)
Data lake ingestion (raw zone / landing zone)
Log aggregation exports
Static web assets (optionally fronted by CDN; verify OCI CDN integration approach)
ML datasets and feature exports (often combined with compute and analytics)

Architectures

Event-driven pipelines: upload → event → function → process → store output
Multi-region DR: replicate critical buckets (verify replication)
Hybrid ingestion: on-prem → OCI (often via tooling like rclone or custom code using S3 compatibility API—verify compatibility needs)

Production vs dev/test usage

Dev/test: store build artifacts, test datasets, and logs; use short retention lifecycle rules to control cost.
Production: store business-critical content, backups, and compliance archives; emphasize IAM, encryption keys, retention, monitoring, and replication/DR patterns.

5. Top Use Cases and Scenarios

Below are realistic use cases for Oracle Cloud Object Storage, with the problem, why it fits, and an example scenario.

1) Application static assets (images/CSS/JS)

Problem: Serving static files from application servers increases compute load and complicates scaling.
Why Object Storage fits: Cheap durable storage, easy HTTPS access, supports policy-controlled public/private access.
Example: A web app stores product images in an Object Storage bucket and serves them via signed URLs or controlled access patterns.

2) User-generated content (UGC) uploads

Problem: Users upload large files; you need scalable storage and safe access control.
Why it fits: Objects can be stored with metadata and accessed via PARs or application-controlled IAM.
Example: A SaaS app stores customer attachments in per-tenant prefixes, restricting access by IAM and application logic.

3) Centralized build artifacts for CI/CD

Problem: Build outputs need a stable repository for deployments/rollbacks.
Why it fits: Object Storage is API-driven and integrates well with automation scripts and OCI CLI.
Example: A pipeline uploads release ZIPs and Helm charts to a bucket and stores build metadata alongside them.

4) Backup repository for application-level backups

Problem: You need off-host, durable storage for backups with retention policies.
Why it fits: Lifecycle policies can automatically archive or delete old backups.
Example: Nightly database exports are uploaded; a lifecycle rule archives older than 30 days and deletes after 365 days (rule design depends on requirements).

5) Data lake landing zone (“raw” zone)

Problem: You need to land data from multiple sources before processing.
Why it fits: Scales to massive datasets; integrates with compute/analytics services.
Example: IoT telemetry JSON files land in a “raw/” prefix; downstream jobs read and transform into curated datasets.

6) Log retention and forensic archives

Problem: Long-term log retention is expensive in hot systems; compliance requires retention.
Why it fits: Lower cost tiers via archive and lifecycle automation; immutable patterns are natural for logs.
Example: Weekly exports from logging systems are written to Object Storage and archived automatically.

7) Cross-region disaster recovery for critical objects

Problem: Region failure requires data availability in another region.
Why it fits: Bucket replication can support DR strategies (verify current replication options, RPO/RTO characteristics).
Example: Replicate critical configuration bundles and artifacts to a secondary region.

8) Secure external file sharing (time-bound)

Problem: Share large files externally without creating user accounts.
Why it fits: Pre-authenticated requests provide time-limited URLs.
Example: A support team generates a 7-day download link for a customer to retrieve a diagnostic bundle.

9) Malware scanning pipeline for uploads

Problem: Uploaded files must be scanned before being released.
Why it fits: Events can trigger scanning workflows; objects can be quarantined by prefix.
Example: Upload lands in “incoming/”; an event triggers a function to scan and then move to “clean/”.

10) Machine learning dataset staging

Problem: Training datasets must be stored cheaply and accessed by compute jobs.
Why it fits: Parallel reads, durable storage; can segregate datasets by buckets/compartments.
Example: A data science team stores training images in Object Storage and runs batch training jobs that pull the data on demand.

11) Software distribution inside an enterprise

Problem: Internal teams need a secure repository for installers and packages.
Why it fits: IAM controls and private network access via OCI networking patterns can keep traffic private.
Example: Store golden images, agent installers, and configuration packages with controlled access per team.

12) Website hosting patterns (static site origin)

Problem: Host a static site origin with minimal infrastructure.
Why it fits: Object Storage can store static content; front with an appropriate delivery layer (verify best OCI service for static website hosting in your region).
Example: A documentation site publishes versioned docs under “v1/”, “v2/” prefixes.

6. Core Features

Feature availability can vary by region and may evolve. Verify feature specifics in the official Object Storage docs: https://docs.oracle.com/en-us/iaas/Content/Object/home.htm

6.1 Buckets and objects (core data model)

What it does: Stores data as objects inside buckets.
Why it matters: Simple model scales to massive object counts without managing servers or volumes.
Practical benefit: You can organize by prefixes and metadata; access via HTTPS APIs.
Caveats: “Folders” are typically simulated by prefixes in object names; rename operations are usually implemented as copy+delete.

6.2 Compartments and IAM policy control

What it does: Uses OCI IAM policies scoped to compartments to control who can manage buckets/objects.
Why it matters: Enterprise-grade governance and least privilege access.
Practical benefit: Separate dev/test/prod buckets into different compartments; isolate teams.
Caveats: Mis-scoped policies are a common risk. Start restrictive, then expand.

6.3 Pre-authenticated requests (PARs)

What it does: Generates a URL that allows access to a bucket/object/prefix without OCI credentials for a limited time.
Why it matters: Enables secure time-bound sharing and upload workflows.
Practical benefit: Let external parties upload/download without creating IAM users.
Caveats: Treat PAR URLs as secrets; anyone with the URL can access within the granted scope until expiration.

6.4 Lifecycle policies (automated tiering/cleanup)

What it does: Automates actions like archiving or deleting objects based on age and filters (prefix).
Why it matters: Controls long-term storage cost and reduces manual operations.
Practical benefit: Automatically archive old logs; delete old build artifacts.
Caveats: Lifecycle is not instant; understand timing semantics and retrieval costs for Archive.

6.5 Storage tiers (Standard and Archive)

What it does: Offers at least a Standard tier and an Archive tier (Archive designed for infrequent access).
Why it matters: Lets you optimize cost based on access frequency.
Practical benefit: Keep recent data in Standard; archive older data.
Caveats: Archive retrieval typically has additional cost and latency characteristics. Verify retrieval behavior and minimum storage durations (if any) in pricing/docs.

6.6 Multipart uploads and large object support

What it does: Uploads objects in parts for large files and/or unreliable networks.
Why it matters: Improves reliability and parallelism for big uploads.
Practical benefit: Resume uploads and reduce rework on failures.
Caveats: Part size limits and maximum object size are governed by service limits—verify in official limits documentation.

6.7 Server-side encryption (at rest)

What it does: Encrypts objects at rest; commonly with Oracle-managed keys by default.
Why it matters: Baseline data protection for stored data.
Practical benefit: Meets common security requirements without custom encryption code.
Caveats: If you require customer-managed keys, validate Vault/KMS integration and key rotation requirements.

6.8 Customer-managed keys via OCI Vault (KMS)

What it does: Encrypts data using keys you control in OCI Vault (where supported).
Why it matters: Stronger control for compliance and internal security policies.
Practical benefit: Central key governance, rotation, and access auditing.
Caveats: Key access permissions, key deletion risk, and cross-region key strategy must be designed carefully.

6.9 Object metadata and tagging

What it does: Supports object metadata (system + custom) and OCI tags at the resource level (buckets, and potentially other resources).
Why it matters: Better organization, automation, and cost allocation.
Practical benefit: Track dataset owner, retention class, or environment.
Caveats: Metadata has size/format constraints; tags require governance to stay consistent.

6.10 Events integration

What it does: Emits events on bucket/object changes for automation.
Why it matters: Enables event-driven architectures.
Practical benefit: Trigger processing when objects are created.
Caveats: Design idempotent consumers; event delivery is typically at-least-once in many cloud event systems—verify OCI event semantics.

6.11 Monitoring and metrics

What it does: Exposes metrics to OCI Monitoring for visibility and alerting.
Why it matters: Operations teams need to detect abnormal behavior (errors, latency, request spikes).
Practical benefit: Build alarms around 4xx/5xx rates and request counts.
Caveats: Metric names/dimensions vary—use official metrics reference.

6.12 Audit logging

What it does: OCI Audit logs track API calls affecting Object Storage resources.
Why it matters: Security investigations and compliance evidence.
Practical benefit: Identify who deleted a bucket or changed policies.
Caveats: Audit logging shows control-plane actions; data-plane access logging should be validated (service logging capabilities can vary—verify in docs).

6.13 S3 Compatibility API (optional)

What it does: Provides an S3-compatible API endpoint for some S3-style tooling and SDKs.
Why it matters: Eases migration and tool reuse.
Practical benefit: Use existing S3 clients (within compatibility scope) to interact with OCI Object Storage.
Caveats: Compatibility is not guaranteed for every S3 feature. Confirm supported operations in OCI’s S3 compatibility documentation.

7. Architecture and How It Works

7.1 High-level architecture

Object Storage sits behind regional endpoints. Clients authenticate with OCI IAM (request signing), and requests are authorized by policies scoped to compartments and resources. Data is stored durably with redundancy managed by OCI.

Key architectural ideas: – Control plane: bucket creation, IAM, lifecycle policies, replication setup – Data plane: object uploads/downloads, multipart operations, PAR-based access – Network paths: public internet endpoints, or private access from VCN via Service Gateway (common pattern)

7.2 Request/data/control flow

A user/app authenticates (OCI API signing, instance principals, or via S3 compatibility credentials).
Authorization is evaluated against IAM policies (group/dynamic group, compartment, resource type).
Upload/download request is served by Object Storage endpoint.
Optional: events are emitted to OCI Events; logs/metrics are published to observability services.
Lifecycle policies run asynchronously to transition/archive/delete objects.

7.3 Integrations with related OCI services

IAM: policies, groups, dynamic groups, federation
Vault: customer-managed keys (where supported)
Events: trigger Functions or other automation on object creation/deletion
Functions: process objects serverlessly (image resize, ETL, scanning)
Monitoring: metrics and alarms
Logging/Audit: audit trail for API actions
Networking: VCN + Service Gateway to access Object Storage without public internet

7.4 Security/authentication model

OCI uses request signing (API keys) for REST/CLI/SDK access.
Compute instances can use instance principals (dynamic groups + policies) to avoid storing user keys on servers.
PARs can bypass authentication but remain authorization-scoped and time-bound.

7.5 Networking model

Public endpoints are accessible over HTTPS.
Private connectivity from a VCN commonly uses Service Gateway (recommended for private access patterns within OCI).
For strict private-only access requirements, verify whether “private endpoints” or other private access features are supported in your region and service configuration.

7.6 Monitoring/logging/governance considerations

Use OCI Audit for change tracking.
Use Monitoring metrics to detect anomalies (spikes in errors, unexpected request volume).
Use tags and naming standards for cost allocation and lifecycle governance.
Establish compartment structure that maps to environments and ownership boundaries.

7.7 Simple architecture diagram

flowchart LR
  U[User / App] -->|HTTPS API| OS[(OCI Object Storage)]
  U -->|OCI Console / CLI / SDK| OS
  OS --> IAM[(OCI IAM Policies)]
  OS --> MON[(OCI Monitoring Metrics)]
  OS --> AUD[(OCI Audit Logs)]

7.8 Production-style architecture diagram (private access + events + keys)

flowchart TB
  subgraph VCN[OCI VCN]
    CE[Compute / OKE Workloads]
    SG[Service Gateway]
    CE --> SG
  end

  SG --> OS[(Object Storage - Regional Endpoint)]

  subgraph Security[Security & Governance]
    IAM[(IAM: Groups, Dynamic Groups, Policies)]
    VAULT[(OCI Vault / KMS Keys)]
    TAGS[Tags & Compartments]
  end

  OS --> IAM
  OS --> VAULT
  OS --> TAGS

  subgraph Observability[Observability]
    MON[(Monitoring + Alarms)]
    EVT[(Events)]
    FUNC[Functions / Automation]
    AUD[(Audit)]
  end

  OS --> MON
  OS --> AUD
  OS --> EVT
  EVT --> FUNC
  FUNC --> OS

8. Prerequisites

Account/tenancy requirements

An active Oracle Cloud (OCI) tenancy
Access to a region where Object Storage is available (Object Storage is a core OCI service and widely available, but always verify)

Permissions / IAM roles

You need permissions to manage buckets/objects in your target compartment.

Typical IAM policy examples (review and adapt to least privilege):

Allow a group to manage Object Storage in a compartment:

Allow group <group-name> to manage object-family in compartment <compartment-name>

Allow a group to read objects only:

Allow group <group-name> to read object-family in compartment <compartment-name>

Allow compute instances (dynamic group) to manage objects:

Allow dynamic-group <dg-name> to manage object-family in compartment <compartment-name>

Policy verbs (inspect, read, use, manage) and resource types matter. Verify the exact policy reference in IAM docs: https://docs.oracle.com/en-us/iaas/Content/Identity/home.htm

Billing requirements

A billing-enabled tenancy (unless using Free Tier)
If using Archive tier or cross-region replication, expect additional costs (retrieval, requests, egress, replication data transfer)

Tools (choose at least one)

OCI Console (browser)
OCI CLI (recommended for this lab): https://docs.oracle.com/en-us/iaas/Content/API/Concepts/cliconcepts.htm
SDKs (Python/Java/Go/JavaScript, etc.): see OCI SDK docs
Curl (for testing PAR downloads)

Region availability

Select a region close to your workloads to reduce latency and egress cost.
If designing DR, select a paired secondary region and verify replication support.

Quotas/limits

Object Storage has service limits (buckets, request rates, object size, multipart part sizes, etc.).
Check “Service Limits” for Object Storage in your region and tenancy. Start here and navigate to limits: https://docs.oracle.com/en-us/iaas/Content/Object/home.htm (then “Limits” section).

Prerequisite services (optional but common)

VCN + Service Gateway for private access patterns
Vault for customer-managed keys
Events + Functions for event-driven processing
Logging/Monitoring for operations

9. Pricing / Cost

Oracle Cloud Object Storage pricing is usage-based and varies by region and potentially by contract. Do not rely on a single universal number—always confirm in the official pricing pages.

Official pricing resources

Object Storage pricing page: https://www.oracle.com/cloud/storage/pricing/
OCI price list: https://www.oracle.com/cloud/price-list/
OCI cost management tools (start from OCI billing docs): https://docs.oracle.com/en-us/iaas/Content/Billing/home.htm
Free Tier details (verify current Always Free allocations): https://www.oracle.com/cloud/free/

Pricing dimensions (typical)

Common pricing meters for object storage services (confirm exact OCI meters in your region): 1. Storage capacity (GB-month) by storage tier (Standard vs Archive) 2. Requests (PUT/LIST/GET/etc.) often charged per number of operations 3. Data retrieval (especially for Archive tier) and potentially early deletion considerations (verify) 4. Data transfer / egress – Internet egress is typically chargeable – Intra-OCI traffic patterns may differ; validate with OCI networking pricing and your architecture (Service Gateway is about routing, not necessarily free data transfer) 5. Replication (if enabled): additional storage in destination + replication transfer (verify)

Free Tier (if applicable)

Oracle Cloud Free Tier often includes some Always Free resources, which may include a limited amount of Object Storage. This can change—verify current inclusion and size limits: – https://www.oracle.com/cloud/free/

Primary cost drivers

Total stored GB-month in Standard
Growth rate of data (especially logs/backups)
Archive retrieval frequency and volume
Request volume (high-frequency small-object workloads can generate many requests)
Data egress to the internet or other regions
Replication doubling storage footprint across regions

Hidden or indirect costs to watch

Object listing patterns: frequent LIST operations in large buckets can increase request costs and application latency.
Small object overhead: millions of small objects increase request counts and operational complexity.
Archive “surprise”: retrieving archived objects can be more expensive than expected if retrieval is frequent.
Cross-region replication: doubles storage and may add transfer cost.
Downstream compute costs: data processing pipelines (Functions/Compute) can dominate total cost compared to storage.

Network/data transfer implications

Design for in-region access where possible.
Prefer Service Gateway for VCN-to-Object-Storage traffic routing to avoid public internet paths (cost still depends on OCI network pricing; verify).
For external downloads, consider caching or CDN patterns to reduce repeated egress (verify OCI CDN strategy and pricing).

How to optimize cost

Use lifecycle policies:
Delete ephemeral artifacts (CI builds) aggressively.
Archive data that is truly infrequently accessed.
Partition buckets by retention class (for example, prod-backups, ci-artifacts, audit-archive) to avoid mixing policies.
Avoid excessive LIST operations; track objects in an index (database) when appropriate.
Compress and batch small files where feasible (without harming access patterns).
Monitor growth with budgets and alerts (OCI billing + Monitoring).

Example low-cost starter estimate (no fabricated numbers)

A minimal dev setup often includes: – 1 bucket – A few GB of Standard storage – Low request volume (a few thousand requests/month) – Minimal internet egress

Use the official pricing page and calculator/estimator (where available in OCI) to compute a region-specific estimate: – https://www.oracle.com/cloud/storage/pricing/ – https://www.oracle.com/cloud/costestimator.html (verify current availability; Oracle pages can change)

Example production cost considerations (what to model)

For production, model: – Monthly data growth (GB/month) – Peak and average request rates (PUT/GET/LIST) – Archive ratio and retrieval patterns – Replication footprint (2 regions) – Egress scenarios (users downloading media, partners pulling data) – Operational overhead (observability, security scanning functions)

10. Step-by-Step Hands-On Tutorial

This lab creates a secure bucket, uploads an object, generates a pre-authenticated request (PAR) for time-limited download, and verifies access using the CLI and curl. It is designed to be low-cost (small objects, minimal operations).

Objective

Create an OCI Object Storage bucket
Upload and download an object using OCI CLI
Create a pre-authenticated request and download using a browser/curl without OCI credentials
Apply a basic lifecycle policy (optional demonstration)
Clean up resources

Lab Overview

You will: 1. Prepare IAM access and install/configure OCI CLI 2. Create a bucket in a compartment 3. Upload a test file as an object 4. Verify object listing and download 5. Create a PAR and test unauthenticated download 6. (Optional) Add a lifecycle rule 7. Clean up

Step 1: Confirm permissions and pick a compartment

1) In the OCI Console, identify the compartment you will use (for example, sandbox).

2) Ensure your user (or group) has permissions similar to:

Allow group <group-name> to manage object-family in compartment <compartment-name>

Expected outcome: You know the target compartment and have rights to create buckets and upload objects.

Verification: In the Console, navigate to Storage → Object Storage & Archive Storage → Buckets and confirm you can see the bucket list for that compartment.

Step 2: Install and configure OCI CLI

Follow the official OCI CLI install guide for your OS: – https://docs.oracle.com/en-us/iaas/Content/API/Concepts/cliconcepts.htm

After installation, configure:

oci setup config

This typically requires: – Tenancy OCID – User OCID – Region – API key pair (public key uploaded to your OCI user)

Expected outcome: The CLI is configured and can authenticate to OCI.

Verification:

oci os ns get

You should receive a JSON response with your Object Storage namespace, e.g.:

{
  "data": "mytenancynamespace"
}

If this fails, see Troubleshooting later.

Step 3: Create a bucket

Set variables (edit values):

export COMPARTMENT_OCID="ocid1.compartment.oc1..exampleuniqueID"
export BUCKET_NAME="os-lab-bucket-$(date +%Y%m%d%H%M)"

Create the bucket:

oci os bucket create \
  --compartment-id "$COMPARTMENT_OCID" \
  --name "$BUCKET_NAME"

Expected outcome: A new bucket exists in your chosen compartment.

Verification:

oci os bucket get --name "$BUCKET_NAME"

Step 4: Upload an object

Create a small test file:

echo "Hello from OCI Object Storage at $(date -u)" > hello-object-storage.txt

Upload it:

oci os object put \
  --bucket-name "$BUCKET_NAME" \
  --file hello-object-storage.txt

Expected outcome: The object is stored in the bucket.

Verification (list objects):

oci os object list --bucket-name "$BUCKET_NAME"

You should see hello-object-storage.txt in the output.

Step 5: Download the object using OCI CLI

Download to a new file:

oci os object get \
  --bucket-name "$BUCKET_NAME" \
  --name "hello-object-storage.txt" \
  --file downloaded-hello.txt

Confirm contents:

cat downloaded-hello.txt

Expected outcome: The downloaded file matches the uploaded content.

Step 6: Create a Pre-Authenticated Request (PAR) and download without credentials

Create a PAR that allows ObjectRead for a limited time (example: 1 hour). You must provide an expiration timestamp in RFC 3339 format.

Generate a timestamp (Linux/macOS examples vary; if this command fails, manually set a time in the future):

export EXPIRES_AT="$(date -u -v+1H '+%Y-%m-%dT%H:%M:%SZ' 2>/dev/null || date -u -d '+1 hour' '+%Y-%m-%dT%H:%M:%SZ')"
echo "$EXPIRES_AT"

Create the PAR:

oci os preauth-request create \
  --bucket-name "$BUCKET_NAME" \
  --name "hello-download-par" \
  --access-type ObjectRead \
  --object-name "hello-object-storage.txt" \
  --time-expires "$EXPIRES_AT"

The response includes an access-uri. Construct the full URL.

Get your namespace and region:

export NAMESPACE="$(oci os ns get --query 'data' --raw-output)"
export REGION="$(oci iam region-subscription list --query "data[0].region-name" --raw-output 2>/dev/null || echo "<your-region>")"
echo "$NAMESPACE"
echo "$REGION"

Extract the PAR access URI:

export PAR_URI="$(oci os preauth-request create \
  --bucket-name "$BUCKET_NAME" \
  --name "hello-download-par-2" \
  --access-type ObjectRead \
  --object-name "hello-object-storage.txt" \
  --time-expires "$EXPIRES_AT" \
  --query 'data."access-uri"' --raw-output)"

echo "$PAR_URI"

Build the full URL (Object Storage public endpoint pattern):

export PAR_URL="https://objectstorage.${REGION}.oraclecloud.com${PAR_URI}"
echo "$PAR_URL"

Now download using curl (no OCI credentials used):

curl -fL "$PAR_URL" -o par-download.txt
cat par-download.txt

Expected outcome: You successfully download the object using only the PAR URL.

Security note: Treat PAR URLs as secrets. Anyone with the URL can access within the scope until it expires.

Step 7 (Optional): Add a lifecycle policy to manage cost

Lifecycle policy creation can be done through the Console or CLI. The most beginner-friendly approach is the Console:

1) OCI Console → Storage → Object Storage & Archive Storage → Buckets 2) Select your bucket → Lifecycle Rules 3) Add a rule (example idea): – Match objects with prefix: logs/ – Action: Archive after N days, then delete after M days (design carefully)

Expected outcome: A lifecycle rule is configured for future objects matching the filter.

Verification: The lifecycle rules page shows your rule. Note lifecycle actions are not immediate.

Lifecycle rule capabilities and actions should be verified in official docs to ensure the actions you select match your retention and compliance requirements.

Validation

Run these checks:

1) Bucket exists:

oci os bucket get --name "$BUCKET_NAME" --query 'data.name' --raw-output

2) Object exists:

oci os object head --bucket-name "$BUCKET_NAME" --name "hello-object-storage.txt"

3) CLI download works:

test -s downloaded-hello.txt && echo "Downloaded file exists and is non-empty"

4) PAR download works (until expiry):

test -s par-download.txt && echo "PAR download succeeded"

Troubleshooting

Common issues and realistic fixes:

1) NotAuthorizedOrNotFound – Cause: Missing IAM permissions or wrong compartment/region. – Fix: – Confirm you’re operating in the correct region. – Confirm policy grants access: text Allow group <group> to manage object-family in compartment <compartment> – Ensure the bucket is in that compartment.

2) CLI cannot find config/profile – Cause: ~/.oci/config missing or wrong profile name. – Fix: Re-run: bash oci setup config Or specify profile: bash oci --profile DEFAULT os ns get

3) PAR URL returns 404 or 403 – Cause: Expired PAR, wrong region, wrong URL construction, or scope mismatch. – Fix: – Recreate PAR with future expiry. – Confirm region in URL matches bucket’s region. – Ensure PAR was created for the correct object name.

4) BucketNotFound – Cause: Wrong bucket name or wrong region. – Fix: – List buckets in compartment: bash oci os bucket list --compartment-id "$COMPARTMENT_OCID"

5) Date command differences – Cause: macOS vs Linux date flags differ. – Fix: Manually set EXPIRES_AT to an RFC3339 UTC timestamp like 2026-12-31T23:59:59Z for a short-lived lab (don’t use long expirations in real environments).

Cleanup

Delete the object:

oci os object delete \
  --bucket-name "$BUCKET_NAME" \
  --name "hello-object-storage.txt" \
  --force

Delete the bucket (must be empty):

oci os bucket delete --name "$BUCKET_NAME" --force

Remove local files:

rm -f hello-object-storage.txt downloaded-hello.txt par-download.txt

Expected outcome: No lab bucket or objects remain, preventing ongoing storage charges.

11. Best Practices

Architecture best practices

Use Object Storage for unstructured data and immutable artifacts; use File Storage/Block Volumes for POSIX or block semantics.
Separate buckets by environment (dev/test/prod) and retention class (short-lived vs long-lived).
Use prefix conventions that support lifecycle and access policies (for example: incoming/, processed/, archive/, tmp/).

IAM/security best practices

Prefer instance principals (dynamic groups) for workloads running on OCI Compute/OKE rather than user API keys on servers.
Apply least privilege:
Use read where possible instead of manage.
Limit scope to compartments and, where feasible, specific buckets (validate policy syntax).
Treat PAR URLs as secrets; set short expirations and scope them narrowly (single object when possible).

Cost best practices

Enable lifecycle rules for:
automatic cleanup of transient artifacts
archival of rarely accessed data
Avoid high-frequency LIST operations in massive buckets; track object keys in a database/index if you need “search.”
Compress/bundle small files when practical to reduce request overhead.

Performance best practices

Use multipart upload for large objects (check official limits).
Parallelize uploads/downloads where the client supports it.
Keep consumers in the same region to reduce latency and cost.
Use Service Gateway for private routing from VCN-based workloads.

Reliability best practices

For DR requirements:
Evaluate cross-region replication (verify features, constraints, and operational model).
Consider versioning/immutability controls (verify current availability).
Build idempotent processing in event-driven pipelines (objects may be reprocessed on retries).

Operations best practices

Monitor request errors and throttling signals with OCI Monitoring.
Use Audit logs to track changes to buckets, policies, and lifecycle configurations.
Add budgets and cost alerts for unexpected growth.

Governance/tagging/naming best practices

Use consistent naming: org-app-env-dataClass-region
Example: acme-payments-prod-audit-us-ashburn-1
Tag buckets with:
CostCenter
Owner
DataClassification
Environment
RetentionPolicy

12. Security Considerations

Identity and access model

OCI IAM policies govern access to Object Storage.
Use compartments as a hard boundary for teams and environments.
Prefer federated identity (enterprise SSO) for humans; avoid shared local users.

Common secure patterns – Humans: Console + short-lived sessions via federation. – Machines in OCI: instance principals + dynamic groups. – External sharing: PAR with minimum scope and short expiry.

Encryption

Server-side encryption at rest is a baseline capability.
For higher control, use customer-managed keys with OCI Vault where supported (verify per region and per bucket settings).

Key management cautions – Don’t delete customer-managed keys used to encrypt active buckets. – Restrict Vault key permissions; key misuse can cause data unavailability.

Network exposure

Access over HTTPS endpoints.
For workloads in a VCN, use Service Gateway to keep access off the public internet routing path.
If you need strict private-only access, verify current OCI capabilities for private endpoints or equivalent features for Object Storage.

Secrets handling

Do not store user API keys in source repos.
For S3 compatibility credentials (customer secret keys), store secrets in OCI Vault or a secure secret manager.
Rotate credentials and scope permissions tightly.

Audit/logging

Enable and regularly review OCI Audit logs.
Integrate logs with a SIEM if required.
Define alerting for suspicious activities (bucket deletions, policy changes, anomalous request spikes).

Compliance considerations

Data residency: keep buckets in approved regions.
Retention: use lifecycle/retention controls appropriate to your compliance needs (verify exact retention/immutability features).
Access reviews: periodically revalidate IAM policies and group membership.

Common security mistakes

Public access misconfiguration (overly broad policies)
Long-lived PARs shared via email/chat
Mixing environments in one bucket (harder to secure and govern)
Storing secrets (API keys) on instances without secure storage/rotation

Secure deployment recommendations

Separate compartments for prod vs non-prod.
Use dynamic groups for compute access.
Use customer-managed keys for regulated data (if required).
Enforce tagging and naming policies using OCI governance features (verify current OCI services for tag defaults and enforcement).

13. Limitations and Gotchas

Limits and behavior can change. Always verify with official Object Storage documentation and service limits for your tenancy/region.

Known limitations / design gotchas

Not a filesystem: no POSIX operations, no in-place file edits; updates are typically full object rewrite.
Prefix-based “folders”: “directories” are naming conventions, not true folders.
Large bucket listings: listing millions of objects can be slow/expensive and may require pagination and careful design.
Rename is copy+delete: “moving” objects between prefixes/buckets can generate additional requests and data transfer.
Archive retrieval: archived objects may have different retrieval times/costs (verify). Don’t archive data you will frequently read.
Event-driven duplicates: event processing systems often require idempotency (verify OCI Events delivery semantics).
Cross-region replication: may have constraints on encryption keys, lifecycle interactions, and delete propagation—validate before committing.

Quotas and limits

Bucket count limits, request rate limits, object size limits, multipart upload part limits—check OCI service limits.
If you hit limits, you may need to request quota increases via OCI support processes (verify the process in your tenancy).

Regional constraints

Feature availability may differ across regions (especially newer capabilities).
Data sovereignty requirements may restrict which region you can use.

Pricing surprises

High request volume (PUT/LIST/GET) can become significant at scale.
Archive retrieval and internet egress can dominate costs if not planned.
Replication effectively multiplies stored capacity and may add transfer costs.

Compatibility issues

S3 Compatibility API is helpful but not identical to AWS S3; confirm supported operations before migrating tools/workloads.

Migration challenges

Mapping IAM models (AWS IAM vs OCI IAM) requires careful translation.
Data transfer at scale may require dedicated migration tooling and staging strategies.

14. Comparison with Alternatives

Nearest services in Oracle Cloud (OCI)

Block Volumes: for block storage attached to compute instances (databases, low-latency workloads).
File Storage: managed NFS file system for POSIX-style access.
Archive Storage: implemented as an Object Storage tier (not a totally separate service in usage terms; pricing/behavior differs).

Nearest services in other clouds

AWS: Amazon S3
Azure: Azure Blob Storage
Google Cloud: Cloud Storage

Self-managed / open-source alternatives

MinIO (S3-compatible object storage)
Ceph (RADOS Gateway for object)
On-prem NAS + backup software (not object storage, but often used for similar goals)

Comparison table

Option	Best For	Strengths	Weaknesses	When to Choose
OCI Object Storage	Unstructured data, artifacts, backups, data lakes in Oracle Cloud	Managed durability, IAM integration, lifecycle, OCI integrations	Not POSIX; design needed for listings, lifecycle, archive retrieval	Default for cloud-native unstructured storage on OCI
OCI File Storage	NFS/POSIX workloads	Familiar file semantics, shared mounts	Scaling and cost model differs; not ideal for internet-scale object access	Lift-and-shift apps needing NFS
OCI Block Volumes	Databases, low-latency block devices	Predictable performance, attach to compute	You manage filesystem/volume; not for object semantics	Stateful apps requiring block storage
AWS S3	Object storage in AWS	Broad ecosystem, mature features	Different IAM model; migration complexity to OCI	Workloads primarily in AWS
Azure Blob Storage	Object storage in Azure	Strong Azure integrations	Different API and identity model	Workloads primarily in Azure
Google Cloud Storage	Object storage in GCP	Great analytics integrations	Different IAM and tooling	Workloads primarily in GCP
MinIO (self-managed)	On-prem/hybrid S3-compatible needs	Control, portability	You operate it; capacity and durability become your responsibility	Strict on-prem requirement or edge deployments
Ceph RGW (self-managed)	Large-scale self-managed object storage	Highly flexible	Significant operational complexity	You need deep control and have storage engineering expertise

15. Real-World Example

Enterprise example: regulated audit archive + analytics landing zone

Problem A financial services company must store audit reports, transaction extracts, and logs for multiple years with strict access controls, auditability, and predictable retention.

Proposed architecture – Separate compartments: prod-audit, prod-analytics, nonprod – Object Storage buckets: – audit-raw-prod (restricted access) – audit-processed-prod (processed outputs) – IAM: – Security team has read access to audit buckets – Data engineering has controlled manage access to a processing prefix – Compute jobs use dynamic groups + instance principals – Encryption: – Customer-managed keys in OCI Vault (where required) – Lifecycle: – Automatically transition older data to Archive tier (if compliance allows and retrieval patterns are rare) – Deletion based on retention schedule (only if permitted) – Observability: – Monitoring alarms for unusual request spikes – Audit log reviews for policy changes and deletions – DR: – Cross-region replication for critical audit objects (verify constraints and RPO requirements)

Why Object Storage was chosen – Strong durability and scale for multi-year retention – IAM/compartment model supports separation of duties – Lifecycle automation reduces operational burden and helps manage cost

Expected outcomes – Reduced storage ops overhead vs. on-prem file systems – Clear access governance and auditable controls – Lower long-term cost with lifecycle/archival strategy (validated against retrieval needs)

Startup/small-team example: SaaS file uploads + lightweight processing

Problem A startup needs to store customer file uploads securely, process them (thumbnails/previews), and serve downloads without building a complex storage backend.

Proposed architecture – One compartment per environment: dev, prod – Object Storage buckets: – uploads-prod with prefixes: – incoming/ (new uploads) – clean/ (after processing) – PAR-based upload/download for time-limited access (or application-mediated access) – Events trigger serverless processing (Functions) when an object lands in incoming/ – Lifecycle deletes incoming/ objects after a short time, keeps processed objects longer

Why Object Storage was chosen – Fast to implement with CLI/SDK – Cheap and scalable storage without managing infrastructure – Easy to integrate with event-driven processing

Expected outcomes – Faster time-to-market – Predictable ops model and cost controls via lifecycle rules – Secure access patterns using IAM and PARs

16. FAQ

1) Is OCI Object Storage regional or global?
Object Storage buckets are regional resources. You create buckets in a specific OCI region and access them through that region’s endpoints.

2) What is an Object Storage namespace in OCI?
A namespace is a tenancy-associated identifier used in Object Storage endpoints and API paths. You can retrieve it using oci os ns get.

3) Do I need to create “folders” in Object Storage?
Not exactly. Object Storage uses a flat key space; “folders” are typically implemented using prefixes in object names (for example, logs/2026/04/app.log).

4) How do I securely share an object with someone outside OCI?
Use a pre-authenticated request (PAR) with the smallest scope and shortest expiry that meets your need.

5) How do workloads on OCI Compute access Object Storage without storing user keys?
Use instance principals: create a dynamic group for the instances and grant it policies to access Object Storage.

6) Can I keep Object Storage traffic private from my VCN?
A common pattern is using a Service Gateway for private routing to OCI services. Confirm your network design with OCI networking docs and pricing.

7) What’s the difference between Standard and Archive in OCI Object Storage?
Standard is for frequent access; Archive is for infrequent access and typically has different retrieval characteristics and costs. Verify retrieval behavior and pricing details in official docs/pricing.

8) Can I automatically move objects to Archive?
Yes, using lifecycle policies (rule-based automation). Validate rule actions and timing in current OCI docs.

9) How do I prevent accidental deletion?
Use least-privilege IAM, separation of duties, and consider retention/immutability controls if available and appropriate (verify OCI’s current retention feature set). Also implement backups/replication for critical data.

10) How do I estimate costs?
Model GB-month stored, request volume, archive retrieval, and egress. Then use the official pricing page and cost estimation tools: – https://www.oracle.com/cloud/storage/pricing/

11) Is the S3 Compatibility API identical to AWS S3?
No. It is designed for compatibility but may not support every AWS S3 feature or behavior. Validate supported operations before migrating tooling.

12) How do I design bucket naming and compartment structure?
Use compartments for environment/team isolation and buckets for retention/access boundaries. Keep bucket purpose clear and avoid mixing unrelated data classes.

13) How do I monitor Object Storage issues?
Use OCI Monitoring metrics and alarms plus OCI Audit logs for change tracking. For request failures, check client logs and the response codes.

14) Can I replicate buckets to another region?
OCI supports replication features for Object Storage (verify the exact replication types, constraints, and costs in the docs). Plan for doubled storage and DR runbooks.

15) What is the safest way to handle secrets for CLI/SDK access?
For humans, use user API keys securely stored and rotated; for machines on OCI, prefer instance principals. For S3 compatibility secret keys, store in OCI Vault or secure secret storage.

17. Top Online Resources to Learn Object Storage

Resource Type	Name	Why It Is Useful
Official documentation	OCI Object Storage docs	Primary reference for concepts, APIs, features, and limits: https://docs.oracle.com/en-us/iaas/Content/Object/home.htm
Official documentation	OCI IAM docs	Correct way to design policies and access control: https://docs.oracle.com/en-us/iaas/Content/Identity/home.htm
Official documentation	OCI CLI docs	Install/configure and automate Object Storage operations: https://docs.oracle.com/en-us/iaas/Content/API/Concepts/cliconcepts.htm
Official pricing	Object Storage pricing	Authoritative pricing model by region: https://www.oracle.com/cloud/storage/pricing/
Official pricing	Oracle Cloud price list	Broader SKU/region pricing reference: https://www.oracle.com/cloud/price-list/
Free tier	Oracle Cloud Free Tier	Verify current Always Free allocations: https://www.oracle.com/cloud/free/
Tutorials/labs	OCI LiveLabs	Hands-on labs for OCI services (search for Object Storage-related labs): https://apexapps.oracle.com/pls/apex/r/dbpm/livelabs/home
Developer tutorials	Oracle Developer portal (Learn)	Practical tutorials and code patterns: https://developer.oracle.com/learn/
Architecture center	OCI Architecture Center / Solutions	Reference architectures and best practices (navigate for storage patterns): https://docs.oracle.com/en/solutions/
Videos	Oracle Cloud Infrastructure YouTube	Official videos and service deep-dives (search “OCI Object Storage”): https://www.youtube.com/@OracleCloudInfrastructure
SDK reference	OCI SDK documentation	Language-specific examples for Object Storage operations (start from docs hub): https://docs.oracle.com/en-us/iaas/Content/API/SDKDocs/sdkdocs.htm
Community (reputable)	rclone documentation (S3/OCI patterns)	Useful for migration/sync patterns; validate OCI compatibility requirements: https://rclone.org/

18. Training and Certification Providers

Institute	Suitable Audience	Likely Learning Focus	Mode	Website
DevOpsSchool.com	DevOps engineers, SREs, platform teams	OCI fundamentals, automation, DevOps workflows, cloud operations	Check website	https://www.devopsschool.com/
ScmGalaxy.com	Beginners to intermediate engineers	SCM/DevOps foundations, tooling and operational practices that can apply to OCI	Check website	https://www.scmgalaxy.com/
CLoudOpsNow.in	Cloud operations teams	Cloud ops practices, monitoring, reliability, operational runbooks	Check website	https://www.cloudopsnow.in/
SreSchool.com	SREs, operations engineers	Reliability engineering concepts, incident response, observability (applicable to OCI storage ops)	Check website	https://www.sreschool.com/
AiOpsSchool.com	Ops teams adopting AIOps	AIOps concepts, automation, operational analytics (can complement OCI monitoring)	Check website	https://www.aiopsschool.com/

19. Top Trainers

Platform/Site	Likely Specialization	Suitable Audience	Website
RajeshKumar.xyz	DevOps / cloud training content	Students and working engineers seeking practical guidance	https://rajeshkumar.xyz/
devopstrainer.in	DevOps tooling and practices	Beginners to intermediate DevOps engineers	https://www.devopstrainer.in/
devopsfreelancer.com	Freelance DevOps consulting/training platform	Teams needing short-term help or coaching	https://www.devopsfreelancer.com/
devopssupport.in	DevOps support and enablement	Ops/DevOps teams needing guided support	https://www.devopssupport.in/

20. Top Consulting Companies

Company Name	Likely Service Area	Where They May Help	Consulting Use Case Examples	Website
cotocus.com	Cloud/DevOps consulting	Architecture, implementation support, automation	Designing Object Storage IAM model; setting up lifecycle + cost controls; migration planning	https://cotocus.com/
DevOpsSchool.com	DevOps and cloud consulting	Platform engineering, CI/CD, operations enablement	Implementing artifact storage patterns; building IaC automation for buckets/policies; operational monitoring dashboards	https://www.devopsschool.com/
DEVOPSCONSULTING.IN	DevOps consulting services	Assessments, DevOps transformation, operations	Storage governance review; implementing secure access patterns; DR/replication strategy workshops	https://devopsconsulting.in/

21. Career and Learning Roadmap

What to learn before Object Storage

OCI fundamentals: tenancies, regions, compartments
IAM basics: users/groups, policies, dynamic groups
Networking basics: VCN, subnets, Service Gateway concept
Basic CLI usage and API concepts (REST, auth/signing)

What to learn after Object Storage

OCI Events + Functions for event-driven pipelines
OCI Vault for customer-managed keys and secrets handling
Observability: Monitoring, Logging, alarms, and operational dashboards
Data engineering services on OCI (if building data lakes)
IaC: Terraform (OCI provider) for repeatable storage provisioning (verify current OCI Terraform docs)

Job roles that use it

Cloud engineer / DevOps engineer
Site Reliability Engineer (SRE)
Cloud solutions architect
Security engineer (data protection/governance)
Data engineer (data lake ingestion and pipelines)
Platform engineer

Certification path (if available)

Oracle’s certification offerings change over time. Check Oracle University / OCI certification pages and map your learning: – Start with OCI Foundations (if available) – Then architect or developer tracks relevant to storage and operations
Verify current certifications here: https://education.oracle.com/

Project ideas for practice

Build a “secure uploads” service using PARs + serverless processing
Implement a log archival pipeline with lifecycle + alarms on bucket growth
Create a DR design with cross-region replication (validate features and run failover drills)
Write a CLI-based backup uploader with checksum validation and metadata tagging
Build a cost dashboard using tagging strategy and OCI cost management tooling

22. Glossary

Object Storage: Storage for unstructured data stored as objects in buckets, accessed via APIs.
Object: A blob/file plus metadata stored in Object Storage.
Bucket: A container for objects within a compartment and region.
Namespace (OCI): A tenancy-associated identifier for Object Storage endpoints and API usage.
Compartment (OCI): A logical container for resources used for isolation and access control.
IAM Policy: A rule defining who can do what with which resources in OCI.
Dynamic Group: An OCI IAM construct that groups resources (like instances) so they can be granted permissions.
Instance Principals: A mechanism for OCI compute resources to authenticate without user credentials.
Pre-Authenticated Request (PAR): A time-limited URL granting scoped access to objects/buckets without OCI credentials.
Lifecycle Policy: Automated rules to transition (for example, archive) or delete objects based on age/prefix.
Archive tier: Lower-cost storage tier intended for infrequent access, often with retrieval costs/latency.
Service Gateway: OCI networking component enabling private routing from a VCN to OCI services.
Egress: Data leaving a region or cloud network boundary; often billable.
Multipart upload: Uploading a large object as multiple parts for reliability and speed.
OCI CLI: Command-line tool for interacting with OCI services.

23. Summary

Oracle Cloud Object Storage is OCI’s core Storage service for durable, scalable, API-driven storage of unstructured data. It fits best for application assets, backups, logs, and data lake ingestion—especially when you need lifecycle automation, strong IAM governance, and integration with OCI networking and observability.

Cost planning should focus on GB-month storage by tier, request volume, archive retrieval behavior, and data egress/replication. Security design should prioritize least-privilege IAM, dynamic groups for workloads, encryption key strategy (including Vault if required), and safe sharing using short-lived PARs.

Use Object Storage when you want simple, scalable unstructured storage with cloud-native operations. If you need POSIX semantics or low-latency block storage, choose OCI File Storage or Block Volumes instead.

Next learning step: extend this lab by adding event-driven processing (OCI Events + Functions) and codifying bucket/IAM/lifecycle configuration with infrastructure as code (Terraform), while validating all service limits and pricing in the official OCI documentation and pricing pages.

rajeshkumar

Category