Understanding the 'Folders' concept

Impossible Cloud Storage is not exactly like a computer's file system, we do have something similar to folders to help keep things tidy. You can group related files (objects) by giving them a shared beginning to their names, almost like they're in a folder.

Just like you can have folders inside folders on a computer, you can do the same here, but you can't have buckets inside buckets. You can create these virtual folders and put objects directly into them, and while you can create and delete these folders, renaming and sharing them are not an option.

Key Use Cases

Here are a few examples you can use Impossible Cloud Storage:

1. Backup and Recovery: Securely back up your files and recover them whenever needed.

2. Media Hosting and Management: Store and distribute media files, like images and videos, directly from your bucket.

3. Data Archiving: For data that isn't accessed frequently but still needs to be retained, Impossible Cloud Storage provides a cost-effective solution. Historical data, long-term records, or old project files can be securely stored in the cloud and retrieved whenever needed.

While the use cases we've outlined are common, Impossible Cloud Storage is versatile S3 compatible storage and can be tailored to many different needs. Your requirements dictate its use - so it's not just for backups, media hosting, and the other examples we mentioned. Explore and see what it can do for you.

Further Assistance and Information

Need more help? Here are some useful links:

1. For detailed instructions on integrating Impossible Cloud Storage with your preferred backup solutions, visit our comprehensive guide at this link.

2. Please visit Impossible Cloud page where you can submit a support request.

We're excited to have you on board and can't wait to see what you'll do with Impossible Cloud Storage! Don't forget - we're here to help if you need it.

Welcome to the Impossible Cloud Storage family! This guide is designed to help you get up and running as smoothly as possible, whether you're a business or an individual user.

What are 'Buckets' and 'Objects'?

At the heart of our service are two simple concepts - Buckets and Objects.

A Bucket is a container for your data. Think of it like a big digital box where you store all your files, which we refer to as Objects.

An Object represents an individual file that you store in a Bucket. This can be any file you need to store – a photo, a document, a video, and more.

Impossible Cloud offers next-generation, resilient object storage optimized for fast data backup and retrieval.

Who can benefit from the product?

Enterprises and SMBs backing up data to centralized, public cloud providers, or using on-premise solutions, who are looking to save up to 80% on data storage costs. Additionally, companies that prioritize:

Sign-Up and Log in

Before you can use Impossible Cloud Storage, you'll need to sign up and log in.

1. If you don't have an account yet, simply request a free trial account .

Change Password Feature for ICSC Users

Impossible Cloud Storage Console introduces a new feature to change password.

Customers can now securely change their own password from the 'Profile Settings' menu. The new feature is available for all Impossible Cloud Storage Console users and offers a user-friendly way to change their password from the UI.

Impossible Cloud Storage Console (ICSC) is the management tool providing any user the central access point to our Impossible Cloud Storage. In addition to using CLI, you can use the web console for uploading and retrieving data as well as configuring user details.

Find here the link to access the Impossible Cloud Storage Console.

New Login Page and Menu Bar

Impossible Cloud introduces an enhanced identity and access management (IAM) capabilities in Impossible Cloud Storage Console (ICSC). It features a new login page to access ICSC as a root user or IAM user and a new menu bar inside ICSC. This update also introduces the Account ID that can be used to login as an IAM user in ICSC. The brings us closer to better user and access management in ICSC.

The new login page update comes with a menu bar update in ICSC. It separates the login process for root and IAM user in ICSC, as well as the S3 Storage and IAM features in the UI. As a root user, user can login using the email and password and as an IAM user, user can login using the account ID, username, and password.

The new menu bar grouped the ICSC menus based on feature: S3 Storage and IAM (Identity and Access Management). This guides users to navigate and differentiate the different features in ICSC easily.

Efficiently manage Identity Access Management (IAM) using the AWS Command Line Interface (CLI). The CLI offers a comprehensive set of commands and options to configure and control IAM resources.

Benefit from flexibility and scalability, managing IAM resources across multiple accounts from a single interface. Ensure secure access through authentication, access keys, and IAM roles. Achieve greater efficiency in user management, permissions assignment, and policy updates. Leverage extensive documentation and community support for guidance.

In the Usage section, you can find information about the utilization of your storage capacity. In this page you can view your current usage, storage capacity, and an overview of how much storage you have left.

The Usage section is only visible if you are accessing the Impossible Cloud Storage Console using a root user account.

If you are using Impossible Cloud Storage with a pay-per-use plan, the remaining storage amount will not be displayed, as charges are based entirely on your current usage. For more information, see the following pages for details.

Here, the Profile Settings page is a control hub for your Impossible Cloud Storage account.

To start managing your profile settings, simply go to the Profile Settings menu or go to the "ellipsis" (three dots) at the top-right corner of your screen next to your user details, and select Profile Settings.

Impossible Cloud Storage works seamlessly with the AWS S3 API. This means that you can use it with the AWS CLI or any other software that is compatible with AWS S3.

If you want to use the AWS CLI with Impossible Cloud Storage, simply follow the guidelines on the next pages.

At Impossible Cloud Storage, we follow a decimal storage calculation where 1 terabyte (TB) is considered 1,000 gigabytes (GB), and 1 gigabyte is considered 1,000 megabytes (MB). This means that when you see our storage pricing of €7.99 per terabyte for the 'Pay-per-use' plan, it is equivalent to €0.00799 per gigabyte.

We adopt this calculation method to provide a consistent and transparent pricing structure for our users. Using a base of 1,000 rather than 1,024 simplifies the storage calculation process and allows for easier budgeting and cost management.

When estimating your storage requirements and understanding the associated costs, keep in mind that each gigabyte is comprised of 1,000 megabytes and each terabyte is comprised of 1,000 gigabytes. This ensures clarity and accuracy when calculating your storage expenses with Impossible Cloud Storage.

If you have any further questions or need assistance with understanding your billing and storage calculations, please don't hesitate to reach out to our support team. We are here to help you make the most of your storage resources efficiently and cost-effectively.

Here you can find the Impossible Cloud Storage Console URLs.

See the following pages for details on how to signup and sign in as well as session lifetime limits for automatically being signed out:

1. Signing up for Impossible Cloud Storage

2. Signing in to Impossible Cloud Storage

3. Session lifetime limits

The Impossible Cloud Storage Console supports Multi-Factor Authentication (MFA) using various third-party authenticator applications. Learn more about how MFA works in this section.

Session lifetime limits determine how long the system should retain a login session. For security reasons, users are logged out automatically after certain intervals:

• Inactivity timeout: Period after a user's session expires - given they do not interact with the console. This occurs after 3 minutes of inactivity.

• Require login after: Period after a user's session expires - independent of their interaction with the console. This is set to 30 days after login.

Impossible Cloud has implemented a fair use policy mechanism to ensure effective service utilization for all its customers, regardless of the existing service load conditions. This mechanism prevents any individual Impossible Cloud user account from monopolizing system resources at the expense of other accounts.

When other cloud providers terminate your contract, we will contact you first. For instance, if a user account excessively uses egress, we will approach that account and find a joint solution.

To use your Impossible Cloud Storage with the AWS CLI, you need to use the "configure" command. Simply type:

aws configure

You will be prompted to enter your access key and secret access key for Impossible Cloud Storage. When it asks for the region, you can either type "eu-central-2" or leave it blank.

If you need to configure a profile for a specific type of access, you can do so by typing:

aws configure --profile impossiblecloud

Then enter your Access Key ID and Secret Access Key, and you are ready to go.

To begin, you will need to install the AWS CLI and configure it using your AWS Access Key and Secret Key. You can follow the instructions located here for guidance.

Once you have configured the AWS CLI, you must create an additional profile specifically for your Impossible Cloud Storage account. You can find detailed instructions on how to do this here.

Transfer all files from your source AWS bucket to a local directory by running the following command:

aws s3 --profile=your_source_cloud_profile cp s3://<source_bucket>/ <local_directory> --recursive

Finally, to transfer all of your files from a local directory to your new target bucket, run the following command:

aws s3 --profile=impossiblecloud --endpoint-url=https://eu-central-2.storage.impossibleapi.net cp <local_directory>/ s3://<destination_bucket>/ --recursive

Object lock can prevent objects from being removed or overwritten for a specified period. Note that you must first enable versioning before enabling this feature on a bucket. Unlike versioning, object lock must be enabled at the time of bucket creation and the settings cannot be changed after creation.

You can either choose to define a retention period for each object individually or for all underlying objects. Legal holds can only be defined by version or object and not by bucket.

• Reserve the option for individual retention periods for underlying objects by leaving the 'Retention' checkmark blank.

• Set up aggregate retention periods for all underlying objects by defining the retention mode and validity when creating the bucket.

After signing in to the Impossible Cloud Console, you can see both the menu on the left-hand side as well as the panel on the right-hand side. See the following pages for details on how to both navigate the menu as well as use the panel.

You may remove one or more folders after they were created. Simply navigate to the particular bucket, select the folder, and click on 'Remove object' or click on the delete button next to the specific folder.

This action also applies when deleting buckets. Note that the delete action is irreversible.

Versioning in Impossible Cloud is a way of keeping multiple versions of an object in the same bucket. Thus, when Impossible Cloud receives multiple write requests for the same object simultaneously, it stores all of those objects as versions. This feature has to be enabled on a bucket level - when creating the folder or by editing its settings:

• To activate versioning when creating a bucket, simply create a new bucket and enable its versioning.

• For enabling or disabling versioning later in the process, navigate to the bucket overview and change the respective bucket's settings.

Impossible Cloud Now Officially Certified for HYCU

As a commitment to providing an industry-ready solution for Impossible Cloud customers, Impossible Cloud is now certified as a Cloud Storage destination for HYCU.

After a thorough testing and verification, customers can now securely backup their data to Impossible Cloud Storage with peace of mind. The verification includes testing for backing up and recovering data with immutability enabled.

Learn more about how to register your Impossible Cloud buckets as an S3 compatible storage target in HYCU from our .

Creating a bucket allows you to store any object - irrespective of type or size. To create a bucket, simply navigate to the 'buckets' menu item and click on 'Add Bucket'.

You are then asked to edit its properties - i.e., define its name and choose whether to use versioning (see ) and object lock (see ). While the versioning property can be changed at a later point in time, both the name and object lock properties are unchangeable.

You can select a specific geographical region for data storage in your bucket and once selected, the bucket's region cannot be changed. This option ensures that your data complies with local residency laws and improves performance by reducing latency.

Please see the full list of all the available regions, their geographical locations and S3 API endpoint URLs .

Once you have created a bucket in the Impossible Cloud Storage console, you can access the bucket and store an object. There are two ways to upload an object:

1. You can use the built-in drag & drop function.

   1. Open the relevant bucket in the console, drag the object from your device and drop it into the relevant area in the panel. This also works for multiple objects at a time.

There are two ways to use Impossible Cloud with the AWS CLI.

Method 1

The first method involves adding the following subcommand after every command:

--endpoint-url=

For example, if you want to list your buckets in the CLI, please type:

or use a specific profile:

Access keys combined with an S3-compatible endpoint are used with third-party applications. They are used to make programmatic calls to AWS S3 API actions.

There are two types of access keys:

• Access key ID

• Secret access key

Access and secret keys are generated under the "IAM → keys" tab in the console menu bar. To create a new access key, simply navigate to the menu and click "Add key"

Operations with buckets

Console Access

Impossible Cloud introduces a new feature to control access to the Impossible Cloud Storage Console (ICSC). This update keeps the current user creation flow and adds a functionality to enable/disable console access for sub-users in ICSC.

The “Console Access“ feature controls the provisioning of Login Profiles for IAM Users in ICSC. A Login Profile is required to sign in to ICSC. The root users can disable and enable console access during or after user creation in ICSC.

Read our knowledge base article about to learn more.

Currently, the ability to configure Cross-Origin Resource Sharing (CORS) is only available through the AWS Command Line Interface (CLI) utility. Unfortunately, there is no user interface option available for setting up CORS in our platform at this time.

If you need help getting started with the AWS CLI utility or need to familiarize yourself with how to set up CORS configurations using this tool, we recommend checking out the official AWS guide. You'll find examples of the cors-configuration file .

For detailed instructions on using Impossible Cloud Management Console (ICMC, formerly known as Partner Portal), visit our guide at .

Impossible Cloud stores files and folders, i.e., objects, in buckets. You can upload any objects after creating such a bucket. See the following how-to pages for details:

• buckets

• objects in a bucket

• folders

New Storage Region in eu-west-2

Impossible Cloud Storage Console provides early access to the eu-west-2 region, with data center presence in the London region.

Customers can now securely store their data to the new Impossible Cloud Storage region. The early-access is available for all Impossible Cloud Storage Console users and offers full functionalities such as bucket versioning and object lock.

You can find the new eu-west-2 region listed when creating a bucket from the Impossible Cloud Storage Console. The S3, IAM, and STS endpoints are listed in our .

Impossible Cloud Storage generally stores objects in a flat structure. However, you may create a virtual structure yourself by simulating a directory. For this purpose, you can use our 'create a folder' feature.

Simply navigate to 'buckets' and the particular bucket or sub-folder within a bucket. Afterward, click on 'Create Folder' and define a name. Note that you cannot upload a folder to our console and only create it inside the bucket.

There are two main interactions for objects - downloading and deleting. For more sophisticated interactions, see our relevant documentation for as well as :

• Download: Navigate to the particular bucket and click on the object or use the download button next to the specific object to download it. Afterward, the object will be downloaded to the default location on your device.

• Delete: Navigate to the particular bucket and click on the delete button next to the specific object to delete it. Alternatively, you can remove multiple objects by marking an object(s) and click 'Remove x object' on the upper right-hand side of the panel. Note that the delete action is irreversible unless versioning is enabled.

To sign up for a free trial, follow this link and fill in all required information in the form. Afterwards, our sales team will contact you to align the next steps for the account creation.

Please find more information on trial accounts and the process here.

In Impossible Cloud Storage, groups are used to define and manage access permissions for specific resources. These groups follow the Industry S3 policy standard, ensuring compatibility and familiarity for users with experience in other environments.

By linking a list of users with one or more policies, a Group enables role-based access control at Impossible Cloud Storage Console. For instance, access for group of user in the same department can be restricted to only a list of buckets.

The Group management at Impossible Cloud Storage Console can be done in Groups tab. From there, you can add, filter and delete groups as well as edit each group's assigned users and policies.

The Groups tab is only visible for root users - and accordingly, also conducting any of the above actions.

Creating a Group

To add groups, follow these instructions:

1. Navigate to the Groups tab

2. Click the Add Group button on the top-right of the console.

• Fill in the Group Name.

• (Optional) Assign users and policies that you want to apply. These details can be added/edited later.

Editing a Group

To edit a group, follow these instructions:

1. Navigate to the Groups tab

2. Click the respective button next to the group you want to edit.

3. Edit the Group's members or the assigned policies.

4. Finish the update by Clicking Save at the top-right corner of the page.

Deleting a Group

To delete a group, follow these instructions:

1. Navigate to the Group tab in left-pane menu.

2. Click on the Delete button next to the group.

3. Confirm the deletion.

Cross-Origin Resource Sharing, or CORS, is a process that allows web applications from one domain to interact with resources from a different domain.

Example of using CORS

Let's illustrate CORS with a simple example.

Imagine you have a bucket full of pictures in Impossible Cloud Storage. You also have a website that lets your users browse these pictures. Essentially, your website (let's say, "mysite.com") is connected to your Impossible Cloud Storage bucket.

But there's a catch - web browsers have safety measures. They don't like it when a website tries to load content from a different domain. In this case, your website "mysite.com" is trying to fetch pictures from Impossible Cloud Storage, which is a different domain.

This is where CORS comes in. By setting up CORS on your Impossible Cloud Storage bucket, you're telling the browsers, "It's OK, mysite.com is allowed to access these pictures." With CORS, the browser will happily display your photos to your users.

Without CORS, your users would be staring at a blank screen instead of admiring your stunning pictures. That's why CORS is important for connecting your Impossible Cloud Storage with your web application.

A root user has a few more MFA options under the Organization-wide policies. You will see a list of sub-users linked to your main account and you will be able to manage their MFA settings.

One important feature is the Enforce MFA policy to all users in your organization checkbox. If you enable this checkbox and confirm the change, the MFA becomes mandatory for all users, including you. Essentially, it locks in the MFA policy across your organization, making it impossible for any sub-user to disable MFA.

As for individual sub-users, while they cannot disable MFA once the organization-wide policy is in effect, they can still reset their own MFA. Please note that this process is only possible while you are logged into your Impossible Cloud Storage account and your session is active.

There is also a Reset MFA button for each sub-user in the Organization-Wide Policies list.

Organization-Wide Policies are exclusively available for root users. Sub-users do not have access to these functions.

Please install and use the AWS CLI version 2

Linux

When interacting with objects in a versioning-enabled bucket, you have several options:

• Add different versions: In a non-versioning bucket, uploading the same object multiple times overwrites the previous object. In versioning, every version is kept - as long as the file name incl. the name extension is precisely like the one previously uploaded.

• Add delete markers and reverse the action: You can add a delete marker to any object - which subsequently hides the respective object. In other words, the object and its previous versions no longer appear as items in the bucket. This action can be reversed - by restoring all previous versions of the object.

• Download specific versions: You can either download the latest version of an object or any particular version that was uploaded previously. This can even be done when a delete marker is placed on an object.

• Permanently delete specific versions: When you have uploaded multiple versions, you can delete particular versions. This will remove them from our platform - making a recovery of the deleted version impossible.

To add different versions, simply re-upload an object that you have already uploaded previously. The name must precisely be the same as before - incl. the object's extension.

To add a delete marker and hide an object, click on the delete button next to the object. Note that the delete button next to each version behaves differently and triggers object version operations rather than object operations. It's essential to ensure that 'Delete all versions' is disabled. To reverse this action, simply choose to show deleted files and restore the object.

To download specific versions, you can either download the object - which in turn downloads the latest version - or you can choose a particular version. This latter feature also works when a delete marker is placed on the object.

To permanently delete objects, you can either delete a specific version or delete the entire object. Note that these actions are irreversible.

Overview

The Impossible Cloud Storage Console (ICSC) is an enterprise-grade cloud storage management tool that offers Identity and Access Management (IAM). This feature enables Role-Based Access Management (RBAC) for securing your storage and complying to data governance rules and regulatory requirements.

The Impossible Cloud Storage is S3 compatible and is built based on the industry-standard. Thus, users can expect the underlying IAM features to be similar to what they are accustomed to. The Impossible Cloud Storage's IAM features can be configured through the Storage Console (GUI) as well as using the AWS IAM API.

Users, Policies, and Groups

There are three main concepts that should be considered when using Impossible Cloud Storage's IAM features: Users, Policies, and Groups - each with a dedicated tab in the GUI.

• : A specific account with a dedicated login mail and password. This can either be a root user or a sub-user. A user represents an individual that can access the Impossible Cloud Storage Console. For instance, an employee in a marketing department.

• : A set of permissions defining what individuals can see and do. These rules are defined on a group level, which consists of dedicated users. For instance, this could comprise of permissions for the marketing department to access marketing-relevant content.

• : A representation of an organizational unit comprising of user accounts assigned to selected policies. For instance, this could be a marketing department.

Supported IAM Features

To provide true S3 compatibility, our object storage supports all S3 actions and effects. This means that permissions can be assigned at the most granular level. For instance:

• List: Shows a list of buckets authorized for the respective group. This is a minimum requirement for any sub-user in that group to see the assigned buckets.

• Read: This allows the assigned group's sub-users to retrieve objects with their previous versions and configurations (e.g. object lock status, retention periods, and legal hold status).

• Write: This allows sub-users of the assigned group to delete and/or add an object to a bucket.

Refer to AWS documentation on S3 and for more details.

In Impossible Cloud Storage, IAM policies are used to define and manage access permissions for specific resources. These policies follow the Industry S3 policy standard, ensuring compatibility and familiarity for users with experience in other environments. Each policy is written in JSON format, allowing for precise and structured permission definitions.

IAM Policy management at Impossible Cloud Storage Console can be done in Policies tab. From there, you can add, filter, delete as well as edit an existing policy.

The Policies tab is only visible for root users - and accordingly, also conducting any of the above actions.

Creating a Policy

To simplify policy creation, the Impossible Cloud Storage Console includes a built-in JSON editor. This editor provides a convenient interface for writing and editing policies directly within the Console, making it easy to define access rules according to your requirements.

To create a policy, follow these instructions:

1. Navigate to the Policies tab in left-pane menu.

2. Click the Add Policy button on the top-right of the console.

• Fill in the Policy name

• (Optional) Fill in the description of the policy.

1. Write the S3 policy in the built-in JSON editor.

2. Click Create Policy on the top-right corner of your screen to confirm the creation of the policy.

Updating a Policy

When you update a policy using the Graphical User Interface (GUI) in the Impossible Cloud Storage Console, a new version of that policy is automatically created. This versioning system allows you to easily revert to a previous version if needed.

To edit a policy, follow these instructions:

1. Navigate to the Policies tab in left-pane menu.

2. Click the Edit button next to the policy you want to modify.

3. You can edit the policy using the built-in JSON editor, just like when creating a new policy.

4. Click the Save button in the top-right corner to create a new version.

Deleting a Policy

Deleting a policy will automatically remove the access and permissions for the corresponding group(s) of users.

To delete a policy, follow these instructions:

1. Navigate to the Policies tab in left-pane menu.

2. Click on the Delete button next to the policy.

3. Confirm the deletion.

The 'Empty Bucket' feature provides a straightforward way for root users to delete all objects within a selected bucket via the Impossible Cloud interface. This tool is especially valuable when you need to ensure a bucket is completely cleared of its contents, which can be challenging to accomplish manually if dealing with large quantities of data, various object versions, or protected items. It simplifies what would otherwise require scripting expertise and command-line operations.

Prerequisites

• You must have root access to the Impossible Cloud account.

• Ensure the bucket you choose is the one you intend to empty.

Step-by-Step Guide

1. Access Bucket Settings

   • Navigate to the 'Buckets' tab on your Impossible Cloud dashboard.

   • Click the cogwheel icon beside the bucket you wish to empty to open its settings.

2. Schedule the Emptying Process

Impossible Cloud Storage integrates seamlessly with different media management applications. The following overview provides detailed information and links to the relevant resources in our knowledge base:

Since Impossible Cloud is S3-compatible many other applications that are not on this list work seamlessly as well. If you are interested in using such a solution, simply fill in this form and we provide you with compatibility advice for any available solution on the market.

Setting up CORS involves using the aws command-line interface (CLI) utility and working with a few commands.

Here are the commands you'll be using:

• get-bucket-cors: Retrieve the current CORS configuration for your bucket.

• put-bucket-cors: Apply a new CORS configuration to your bucket.

• delete-bucket-cors: Remove the existing CORS configuration from your bucket.

Using the CLI for CORS Configuration

We understand that these commands might sound technical. But don't worry, we've got handy CLI examples .

Remember, setting up CORS correctly helps secure your data and allows for safe interaction between your bucket and other websites. If you run into any issues or need further assistance, feel free to reach out to our .

Impossible Cloud Storage integrates seamlessly with a range of cloud storage browsers. The following overview provides detailed information and links to the relevant resources in our knowledge base:

Since Impossible Cloud is S3-compatible many other applications that are not on this list work seamlessly as well. If you are interested in using such a solution, simply fill in and we provide you with compatibility advice for any available solution on the market.

If you lose access to your authenticator device or need to reset your Multi-Factor Authentication (MFA), you can reset your MFA settings by following the steps in this section.

The steps are as follows:

1. Navigate to the Profile Settings page.

2. In the MFA section, click on the Reset MFA for this account button.

3. A message will appear confirming the successful reset of your MFA.

This reset process allows you to link a new device with your MFA-enabled account, should your previous device be lost or malfunction.

It's important to note that active sessions expire after 30 days of inactivity. If you are unable to log in and reset your MFA due to an expired session, you will need to for assistance.

Once the MFA reset process is completed, you will be prompted to set up MFA again at your next login with a new device using an authenticator application.

MFA Reset for Individual Sub-Users by Root User

For root users who need to reset Multi-Factor Authentication (MFA) settings for other sub-users within their organization, MFA reset button is available under the section for each sub-user.

This guide guides you through creating public links for your files stored on Impossible Cloud, allowing you to share them with anyone, even if they don't have an Impossible Cloud account. A public link, or a pre-signed URL, is a secure way to provide access to a specific file in your bucket for a limited time. You generate this link directly from the Impossible Cloud interface, and it can be used by anyone to download the file until the link expires. This is an effective way to distribute files without altering your bucket's overall privacy settings or sharing your access credentials.

Prerequisites

• You have logged in to your Impossible Cloud account.

• You have files uploaded to your bucket that you wish to share.

Step-by-Step Guide

1. Navigate to Your Bucket

   • Access the 'Buckets' section on your Impossible Cloud dashboard.

   • Select the desired bucket that contains the file you want to share.

2. Locate the File to Share

The panel is always displayed on the right-hand side of any page. It is the key area for user interaction - e.g., for managing buckets and the underlying objects.

The information is set up to show 10 rows per page by default but you can adjust it up to 100 per page. At the bottom right-hand side of the panel, you can navigate to the different pages by clicking on a designated number or using the '<' and '>' buttons.

You can also search for any sub-item within the selected menu item. Simply use the search bar located at the upper part of the panel. The console will then show all related items that match the entered search string - e.g., buckets or folders within a bucket.

Number of buckets limitations

You can keep any quantity of items in a single bucket, and your account can have a maximum of 100 buckets.

Restrictions on Operating System/Filesystem level

If you use the AWS CLI tool for your operations and application implementation, it's important to note that the CLI searches for credentials and configuration data in a specific hierarchical order.

Command Line Options

For example: using options like "--profile", "--region", "--output" etc...

If the necessary data is not found through command line options, the CLI will check for environmental variables.

As an enterprise-grade cloud service provider, we offer sophisticated versioning and object lock features in our Impossible Cloud Storage product. These features are designed to provide our users with advanced data protection and management capabilities. Our product is built following the industry standard, Amazon S3, so users can expect the underlying features to be similar to what they're accustomed to from other cloud providers.

• Versioning: Our versioning feature allows you to save, retrieve, and restore any version of an object saved in a bucket. Versioning provides an extra layer of security by offering a way to restore deleted or overwritten items. This makes it simple to recover from user or application errors. Versioning is also helpful for data archiving and preservation.

By default, your Impossible Cloud Storage account does not have Multi-Factor Authentication (MFA) enabled. However, turning on MFA is a snap and it significantly boosts the security of your account.

Impossible Cloud Storage Console provides the ability to enable MFA for you and your organization.

To enable MFA:

1. Navigate to the Profile Settings page.

Impossible Cloud Storage integrates seamlessly with multiple leading NAS applications. The following overview provides detailed information and links to the relevant resources in our :

After receiving your account details as a root user or an IAM user, you can log in with your unique credentials to ICSC:

• Navigate to our and login with your credentials

  • Depending on your user type, select the correct login form.

The Impossible Cloud Storage Console allows users to change their password. To change password, you must enter their current password and enter the new password. The password must follow the password requirements:

• Password must be at least 8 characters

• Password should include lower-case (a-z), upper-case (A-Z) and number (0-9) characters

• Password must contain at least one special character

• The new password and its confirmation must be identical

You will receive the following error message if one or more of the requirements are not met:

Either the new password does not conform to the account password policy or the old password was incorrect.

General commands syntax

This section is designed to explain the most important concepts and notations used in the set of high-level 's3' commands.

aws s3 --profile=impossiblecloud --endpoint-url=https://eu-central-2.storage.impossibleapi.net <ACTION> <FILE SOURCE> <FILE DESTINATION>

Supported high-level commands

cp- copy

mv- move

ls - list buckets

rm - remove an object

mb - make a bucket

rb - remove a bucket

sync - sync directories with new and updated files

Add the --recursive flag for multiple objects operations

Use of Exclude and Include Filters

Most commands have --exclude "<value>" and --include "<value>" parameters that can achieve the desired result. These parameters perform pattern matching to either ex- or include a particular file or object. The following pattern symbols are supported:

• *: Matches everything

• ?: Matches any single character

• [sequence]: Matches any character in sequence

• [!sequence]

See more information on the AWS CLI here:

You can access the console's features from the menu on the left-hand side of any page. Note that most of these are only visible for the root user - not the IAM users:

• S3 Storage features:

  • Buckets: Manage your buckets and underlying objects (see guide).

  • Usage: See details of your plan and storage as well as egress consumption ().

• IAM features ():

  • Keys: Find all information for authentication on your S3 API ().

  • Users: Add, delete or edit details of your IAM users ().

• Additional features:

  • Help Center: Opens the link. You may expect to receive feedback per our SLA according to the ticket's priority. Please see our document for more information.

  • Profile Settings: Modify the profile settings of your user. For example, you can enable Multi-Factor Authentication (MFA).

Here is a comprehensive list of currently supported IAM CLI operations by our Impossible Cloud Storage, enabling you to manage IAM effectively:

User and Group Management

• CreateUser, DeleteUser, GetUser, ListUsers

• CreateGroup, DeleteGroup, GetGroup, ListGroups

• AddUserToGroup, RemoveUserFromGroup, ListGroupsForUser

• CreateLoginProfile, UpdateLoginProfile, DeleteLoginProfile

• ChangePassword

Policy Management

• CreatePolicy, CreatePolicyVersion, SetDefaultPolicyVersion

• AttachUserPolicy, DetachUserPolicy

• AttachGroupPolicy, DetachGroupPolicy

• PutUserPolicy, PutGroupPolicy

Access Keys and Account

• CreateAccessKey, DeleteAccessKey, ListAccessKeys

• CreateAccountAlias, DeleteAccountAlias, ListAccountAliases

• GetCallerIdentity, GetFederationToken

Tags and Metadata

• TagUser, UntagUser, ListUserTags

• TagPolicy, UntagPolicy, ListPolicyTags

Context and Simulation

• GetContextKeysForCustomPolicy

• ListEntitiesForPolicy

When accessing the Impossible Cloud Storage Console as a root user, you can create sub-users to give other people access to the console.

The Users tab serves as the single-source-of-truth for all users registered in your organization. You can add, filter, and delete users (sub-users) as well as edit the assigned rights, including assigning group memberships, tags, inline policies, access keys, and console access.

Creating a User

To add users, follow these instructions:

1. Navigate to the Users tab on the left-pane.

2. Click on the Add User button on the top-right of the console.

• Fill in the required email

• (optional) Fill in password to give them access to the console.

• Inform the recipient about the account details.

Deleting a User

To delete users, follow these instructions:

1. Navigate to the Users tab on the left-pane.

2. Click on the delete icon next to the user.

3. Confirm the deletion.

Managing Users as a Root User

The root user has full administrative control, including the ability to manage access and permissions for all sub-users in the account. This includes assigning permissions, managing access keys, and updating user metadata such as tags.

Permissions for sub-users can be managed in two ways:

• Group-Based Policies: Sub-users assigned to one or more groups will automatically inherit the permissions defined by the policies attached to those groups.

• Inline Policies: Alternatively, policies can be assigned directly to individual users through inline policies. This allows for more granular permission control when group-based management is not sufficient.

Additionally, the root user can also create or delete access keys for any sub-user. This facilitates easier key rotation and credential management without requiring direct login access to the sub-user's account.

To manage a sub-user’s settings:

1. Navigate to the Users tab in the Console.

2. Click on the desired sub-user to open their management panel.

3. Use the available tabs — Groups, Tags, Access Keys, and Inline Policies — to manage each aspect of the sub-user's configuration.

These tools give the root user fine-grained control over user permissions and credentials, helping enforce security and compliance standards efficiently.

When connecting to an Impossible Cloud service programmatically, an endpoint is used. This endpoint is essentially the URL that serves as the gateway to an Impossible Cloud storage/IAM service. Tools like the AWS SDKs and the AWS Command Line Interface (AWS CLI) can be used to target the endpoint of each service within a specific region.

Storage console URL for a browser access

Please use either of the below addresses to log in to the Impossible Cloud Storage Console:

This section provides in-depth descriptions of each operation, empowering you to harness the full potential of IAM in effectively managing access and permissions within your system.

Users and Groups management

Users management

Overview

Security is a paramount concern when it comes to cloud storage solutions, and Impossible Cloud Storage is committed to providing robust security measures to protect your valuable data. In this guide, we will delve into the various aspects of security offered by Impossible Cloud Storage, ensuring a comprehensive understanding of the measures in place to safeguard your information.

Operational security

Ensuring the security of your user accounts is essential, and Impossible Cloud Storage offers support for Multi-Factor Authentication (MFA) to add an extra layer of protection. While enabling MFA is available for the root account, subusers can also leverage this feature for enhanced security. Furthermore, root users can mandate MFA for their subusers, enhancing the overall security of the accounts.

Containerisation

Containerisation provides an added layer of security for clients' data in Impossible Cloud Storage. By running the application in isolated containers, the risk of data exposure or compromise is significantly reduced. Each application container is independent and isolated from others, as well as from the underlying host operating system, ensuring that even if the security of one container is compromised, the integrity and confidentiality of other containers and data remain intact.

Authenticating requests

Impossible Cloud supports both Amazon S3 Signature Version 2 and Version 4 for API requests. For better security, we recommend using Signature Version 4, as it uses a signing key instead of your secret access key. Please avoid using Version 2 if possible.

Compliance and Certifications

Impossible Cloud Storage takes data safety seriously, and as part of our commitment to maintaining high standards, our datacenters hold certifications such as and . These certifications validate our adherence to stringent security protocols, assuring users of the safety and protection of their data.

Client-Side Encryption

To ensure end-to-end encryption and give users full control over their data, Impossible Cloud Storage fully supports client-side encryption. This means that you can encrypt your data on the client side using your preferred encryption algorithms or tools, and Impossible Cloud Storage seamlessly integrates with the encrypted data without interference.

In-Transit Encryption

As part of our commitment to data security, Impossible Cloud Storage exclusively supports HTTPS/TLS encryption for data transmission. This ensures that data moving between your devices and our storage infrastructure remains encrypted and protected, mitigating the risk of unauthorised access or data interception. Supported versions of TLS are 1.2 and higher.

As part of this commitment, HTTP, the unencrypted counterpart, is not supported. By enforcing HTTPS/TLS encryption, all data exchanged between your devices and the storage infrastructure is encrypted, significantly reducing the risk of unauthorised access or interception of sensitive information.

Server-Side Encryption

Server-side encryption in Impossible Cloud refers to the automatic encryption of your data before it is stored and the decryption of your data when it is accessed. This process is conducted on the individual objects within your bucket.

If you have enabled SSE-S3 (Server-Side Encryption with Amazon S3-Managed Keys) on a bucket, this encryption becomes the default setting for all objects in the bucket. This means that any data placed in the bucket is automatically encrypted.

Even if you have not enabled SSE-S3 on a bucket, it's still possible to apply encryption to individual objects during the 'put-object' or 'copy-object' operations. This can be done using the AWS Command Line Interface (CLI).

Regardless of whether your data is encrypted or unencrypted, accessing your data remains consistent. As long as you have authenticated your request and possess the necessary permissions, you can retrieve your data seamlessly. For instance, if you share your data via a presigned URL, it will function the same way for both encrypted and unencrypted objects.

Additionally, when you request a list of objects in your bucket, all objects will be returned, regardless of their encryption status.

Please note that:

Currently, Impossible Cloud only supports 'SSE-S3' for server-side encryption. Other encryption methods, such as SSE-KMS (Server-Side Encryption with AWS Key Management Service) and SSE-C (Server-Side Encryption with Customer-Provided Keys), are not supported.

At-Rest Encryption

At Impossible Cloud Storage, we prioritise the security of your data at rest. To achieve this, we implement keys managed by Impossible Cloud which are used for server-side encryption, protecting your data while it is stored in our infrastructure.

Object Lock (WORM)

In line with industry standards and compatibility with AWS S3, Impossible Cloud Storage Object Lock functionality. Object Lock enables you to enforce retention periods, ensuring data immutability and compliance with regulatory requirements. Whether you need to preserve data for regulatory compliance, legal holds, data preservation, ransomware protection, disaster recovery, immutable backups, or auditing purposes, Object Lock provides the necessary governance and compliance features to meet your needs.

Data Resilience

Bit-Rot Protection

Impossible Cloud Storage is designed to provide robust data resilience. At the time of upload (PUT) to the primary storage, data integrity measures are in place to ensure that your data remains intact and protected. The signature algorithm is SHA256 with RSA. Additionally, our infrastructure incorporates bit-rot protection, safeguarding against data corruption or loss due to hardware failures.

Protection from Disk Failure

To mitigate the risks associated with disk failure, Impossible Cloud Storage leverages advanced data protection techniques. Our backend employs erasure coding, a data redundancy method that distributes data across multiple drives, ensuring data integrity and resiliency in the event of a disk failure.

Ongoing Security Monitoring and Updates

Security is an ongoing process, and Impossible Cloud Storage continuously monitors and updates its security measures to stay ahead of emerging threats. Through regular security assessments, vulnerability scanning, and proactive monitoring, we strive to ensure the integrity, confidentiality, and availability of your data.

Conclusion

Security is of utmost importance when it comes to cloud storage, and Impossible Cloud Storage takes comprehensive measures to safeguard your data. By implementing features such as MFA support, client-side encryption, in-transit and at-rest encryption, object lock functionality, data resilience, and protection against disk and data center failures, we prioritize the confidentiality, integrity, and availability of your data. With our commitment to compliance, ongoing security updates, and robust network security measures, you can trust Impossible Cloud Storage to provide a secure and reliable storage solution for your valuable data.

Impossible Cloud supports IAM policies that allow its users to have granular control over the use, access and administration of their cloud storage. Currently the Impossible Cloud Console can manage the following types of policies:

• Managed Policies

• Inline Policies

An inline policy is attached directly to a specific IAM user. If that user is deleted, the inline policy is deleted too, it can’t be reused.

A managed policy exists as its own separate item in IAM. If the group or user it’s linked to is deleted, the policy still exists and can be attached to another IAM user.

1. Managed Policies

Managed Policies are a reusable set of permissions that you can attach to multiple users or groups to control what actions they can perform. Impossible Cloud allows you to have custom policies created and managed by you. Customer managed policies offer greater flexibility as you can define specific permissions based on your requirements. You can also reuse these policies across multiple users or groups within your ICSC environment.

You can either put this on a .JSON and attach via CLI or paste in the ICSC console under “Policies”. A Managed Policy can look like this:

File example: my-impossible-cloud-policy.json

Remember to configure your profile:

To attach that Managed Policy to an IAM User using CLI, you can write:

2. Inline Policies

Inline policies are directly embedded into a single IAM user or group. These type of policies have the following conditions:

• Directly Attached: When you create an inline policy, it becomes part of that specific user or group.

• Unique to the Identity: It cannot be attached to any other user or group.

• No Versioning: Unlike managed policies, inline policies do not have versioning, meaning you can't easily roll back to a previous version of the policy.

• Lifecycle: If you delete the IAM identity, the inline policy is also automatically deleted.

You can assign inline policies via CLI like this:

Impossible Cloud Storage integrates seamlessly with a wide range of industry-leading backup applications. The following overview provides detailed information and links to the relevant resources in our knowledge base:

Since Impossible Cloud is S3-compatible many other applications that are not on this list work seamlessly as well. If you are interested in using such a solution, simply fill in and we provide you with compatibility advice for any available solution on the market.

Interacting with buckets and objects provides several options unless all settings for the bucket were defined during creation. In this latter case, only legal hold settings can be changed. It's important to note that most of these actions are irreversible once implemented. Additionally, all of the following interactions require the appropriate permissions:

• To change the retention of a bucket, you can edit the policy within the bucket's settings. This change will apply to all uploaded objects - including all versions, both those already uploaded as well as those not yet uploaded. Note that the retention policy can only be changed when no such policy is already defined.
• To modify retention properties for a specific object or one of its versions, you can edit the retention policy for that item. It's important to note that any changes to an object's retention policy will only apply to its latest version.
• Add a delete marker to an object: Similar to versioning, you can add a respective delete marker to objects. These objects with delete markers can be restored by showing deleted files. In contrast to versioning, you are unable to delete files with a defined retention policy:

General commands syntax

This section is designed to explain the low-level 's3api' commands for the CLI