S3 Compatibility
Endpoint
https://buckets.excloud.devEvery org shares this one endpoint. Your org ID does not go in the URL — it’s resolved from the access key during signature verification, so the same hostname works for everyone. (The separate <org-id>.objects.excloud.dev host is only for
public object URLs, not the S3 API.)
Region
Pick any value; SDKs require one for signature calculation but the server doesn’t care. The recommended value is auto.
Signature
AWS Signature Version 4 (SigV4). Path-style addressing only — requests look like https://buckets.excloud.dev/<bucket>/<key>. Some SDKs default to virtual-hosted-style (<bucket>.endpoint) and must be told to use path-style (e.g. forcePathStyle: true, or boto3’s s3={"addressing_style": "path"}).
Supported operations
| Category | Supported |
|---|---|
| Service / bucket | ListBuckets, HeadBucket, CreateBucket, DeleteBucket, GetBucketLocation, GetBucketAcl |
| Objects | GetObject, HeadObject, PutObject, DeleteObject, DeleteObjects (bulk), CopyObject, ListObjectsV2 |
| Multipart | CreateMultipartUpload, UploadPart, UploadPartCopy, CompleteMultipartUpload, AbortMultipartUpload, ListMultipartUploads, ListParts |
| Presigned URLs | Yes (GET, HEAD) |
| Range reads | Yes (Range: bytes=...) |
| Conditional requests | On CopyObject source only (x-amz-copy-source-if-match, -if-none-match, -if-modified-since) |
| Server-side encryption | Yes (encryption at rest is on by default) |
GetBucketAcl returns the default owner-full-control ACL. Access key IDs are prefixed EXC (not AKIA) — see
Access Keys.
Not supported (yet)
PutBucketAcland per-object ACLs (ACLs are effectively read-only)- Object versioning /
ListObjectVersions - Presigned
PUT(presigning isGET/HEADonly) - Conditional reads/writes on
GetObject/PutObject(If-Match/If-None-Match/If-Modified-Sinceare honored only asCopyObjectsource preconditions) - S3 Object Lock / WORM
- S3 Lifecycle policies (object expiry, transition)
- Replication
- Inventory
- Event notifications
- Static website hosting (use
is_public=true+ presigned URLs or a CDN in front)
If you need one of these, email [email protected].
SDK configuration examples
AWS CLI (~/.aws/config profile)
[profile excloud]
region = auto
endpoint_url = https://buckets.excloud.devOr have exc write it for you:
exc buckets keys configure EXC... --profile excloudThen:
aws --profile excloud s3 ls
aws --profile excloud s3 cp ./file.txt s3://my-bucket/boto3 (Python)
import boto3
from botocore.config import Config
s3 = boto3.client(
"s3",
endpoint_url="https://buckets.excloud.dev",
region_name="auto",
aws_access_key_id="EXC...",
aws_secret_access_key="...",
config=Config(s3={"addressing_style": "path"}), # path-style required
)Go (aws-sdk-go-v2)
cfg, err := config.LoadDefaultConfig(ctx,
config.WithRegion("auto"),
config.WithEndpointResolverWithOptions(aws.EndpointResolverWithOptionsFunc(
func(service, region string, opts ...interface{}) (aws.Endpoint, error) {
return aws.Endpoint{
URL: "https://buckets.excloud.dev",
}, nil
},
)),
)
client := s3.NewFromConfig(cfg)Node.js (AWS SDK v3)
import { S3Client } from "@aws-sdk/client-s3";
const s3 = new S3Client({
region: "auto",
endpoint: "https://buckets.excloud.dev",
forcePathStyle: true,
credentials: {
accessKeyId: "EXC...",
secretAccessKey: "...",
},
});rclone
[excloud]
type = s3
provider = Other
access_key_id = EXC...
secret_access_key = ...
endpoint = https://buckets.excloud.dev
region = autoSanity check
aws --endpoint-url https://buckets.excloud.dev s3 lsIf credentials are correct you’ll see every bucket in your org. A 403 means the access key isn’t valid (or has been deleted); a network error means the endpoint URL is wrong.