Storage Services

S3-compatible object storage with post-quantum encryption

Tasmanian Cloud provides S3-compatible object storage with post-quantum encryption and zero egress fees for Australian traffic.

Features

  • S3-Compatible API - Drop-in replacement for AWS S3
  • Post-Quantum Security - Kyber-768 and Dilithium-3 encryption
  • Zero Egress (AU) - No charges for AU-based data transfer
  • 100% Sovereign - Data never leaves Tasmania

Endpoints

RegionEndpoint
tas-1https://s3.tas-1.tasmanian.cloud

Authentication

Storage uses the same API keys as compute services:

export AWS_ACCESS_KEY_ID="your-api-key"
export AWS_SECRET_ACCESS_KEY="your-api-secret"
export AWS_ENDPOINT_URL="https://s3.tas-1.tasmanian.cloud"

Buckets

Creating Buckets

# Via API
curl -X PUT \
  https://s3.tas-1.tasmanian.cloud/my-bucket \
  -H "Authorization: Bearer $API_KEY"

# Via AWS CLI
aws s3 mb s3://my-bucket \
  --endpoint-url https://s3.tas-1.tasmanian.cloud

Bucket Configuration

# Enable versioning
curl -X PUT \
  https://s3.tas-1.tasmanian.cloud/my-bucket?versioning \
  -H "Authorization: Bearer $API_KEY" \
  -d '<VersioningConfiguration>
    <Status>Enabled</Status>
  </VersioningConfiguration>'

# Set lifecycle policy
curl -X PUT \
  https://s3.tas-1.tasmanian.cloud/my-bucket?lifecycle \
  -H "Authorization: Bearer $API_KEY" \
  -d @lifecycle-policy.xml

Objects

Uploading

# Single file
aws s3 cp file.txt s3://my-bucket/ \
  --endpoint-url https://s3.tas-1.tasmanian.cloud

# Multipart (recommended for files >100MB)
aws s3 cp large-file.zip s3://my-bucket/ \
  --endpoint-url https://s3.tas-1.tasmanian.cloud \
  --multipart-threshold 100MB

# Sync directory
aws s3 sync ./data s3://my-bucket/data/ \
  --endpoint-url https://s3.tas-1.tasmanian.cloud

Downloading

# Single file
aws s3 cp s3://my-bucket/file.txt ./ \
  --endpoint-url https://s3.tas-1.tasmanian.cloud

# Sync entire bucket
aws s3 sync s3://my-bucket/ ./backup/ \
  --endpoint-url https://s3.tas-1.tasmanian.cloud

Presigned URLs

# Generate temporary access URL
curl -X POST \
  https://api.tasmanian.cloud/v1/storage/presign \
  -H "Authorization: Bearer $API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "bucket": "my-bucket",
    "key": "private-file.pdf",
    "expires": 3600
  }'

SDK Examples

Python (boto3)

import boto3

s3 = boto3.client(
    's3',
    endpoint_url='https://s3.tas-1.tasmanian.cloud',
    aws_access_key_id='YOUR_KEY',
    aws_secret_access_key='YOUR_SECRET',
    region_name='tas-1'
)

# Upload
s3.put_object(
    Bucket='my-bucket',
    Key='data.csv',
    Body=open('data.csv', 'rb')
)

# Download
s3.download_file('my-bucket', 'data.csv', 'local-data.csv')

JavaScript (AWS SDK v3)

import { S3Client, PutObjectCommand } from "@aws-sdk/client-s3";

const client = new S3Client({
  endpoint: "https://s3.tas-1.tasmanian.cloud",
  region: "tas-1",
  credentials: {
    accessKeyId: "YOUR_KEY",
    secretAccessKey: "YOUR_SECRET"
  }
});

await client.send(new PutObjectCommand({
  Bucket: "my-bucket",
  Key: "data.json",
  Body: JSON.stringify(data)
}));

Go

package main

import (
    "context"
    "github.com/aws/aws-sdk-go-v2/aws"
    "github.com/aws/aws-sdk-go-v2/config"
    "github.com/aws/aws-sdk-go-v2/service/s3"
)

func main() {
    cfg, _ := config.LoadDefaultConfig(context.TODO(),
        config.WithRegion("tas-1"),
        config.WithEndpointResolver(aws.EndpointResolverFunc(
            func(service, region string) (aws.Endpoint, error) {
                return aws.Endpoint{
                    URL: "https://s3.tas-1.tasmanian.cloud",
                }, nil
            }),
        ),
    )
    
    client := s3.NewFromConfig(cfg)
    
    client.PutObject(context.TODO(), &s3.PutObjectInput{
        Bucket: aws.String("my-bucket"),
        Key:    aws.String("file.txt"),
        Body:   strings.NewReader("Hello"),
    })
}

Storage Tiers

TierUse CasePrice/GB/Month
HotActive data, websites$0.05
WarmBackups, archives$0.03
ColdLong-term retention$0.01
GlacierCompliance archives$0.005

Security

Server-Side Encryption

All data is encrypted by default with post-quantum cryptography:

  • Kyber-768 - Key encapsulation
  • Dilithium-3 - Digital signatures
  • AES-256-GCM - Data encryption

Client-Side Encryption

For additional security, encrypt data before upload:

from cryptography.fernet import Fernet

key = Fernet.generate_key()
cipher = Fernet(key)

encrypted = cipher.encrypt(b'sensitive data')

s3.put_object(
    Bucket='my-bucket',
    Key='encrypted-file',
    Body=encrypted
)

Access Control

# Bucket policy
curl -X PUT \
  https://s3.tas-1.tasmanian.cloud/my-bucket?policy \
  -H "Authorization: Bearer $API_KEY" \
  -d '{
    "Version": "2012-10-17",
    "Statement": [{
      "Effect": "Allow",
      "Principal": "*",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::my-bucket/public/*"
    }]
  }'

Pricing

MetricPrice
Storage (Hot)$0.05/GB/month
Storage (Warm)$0.03/GB/month
Storage (Cold)$0.01/GB/month
PUT Requests$0.005/1,000
GET Requests$0.0004/1,000
Egress (AU)$0.00/GB
Egress (Intl)$0.09/GB

Limits

LimitValue
Max bucket sizeUnlimited
Max object size5TB
Max upload (single)5GB
Max uploads (multipart)10,000 parts

On this page

FeaturesEndpointsAuthenticationBucketsCreating BucketsBucket ConfigurationObjectsUploadingDownloadingPresigned URLsSDK ExamplesPython (boto3)JavaScript (AWS SDK v3)GoStorage TiersSecurityServer-Side EncryptionClient-Side EncryptionAccess ControlPricingLimits