> ## Documentation Index > Fetch the complete documentation index at: https://docs.nebius.com/llms.txt > Use this file to discover all available pages before exploring further. # create

Name

nebius storage bucket create

Synopsis

``` nebius storage bucket create --bucket-policy-rules --cors-rules --default-storage-class --force-storage-class --labels --lifecycle-configuration-last-access-filter-conditions --lifecycle-configuration-rules --max-size-bytes --name --object-audit-logging --parent-id [required] --resource-version --versioning-policy --async -i, --interactive ```

Options

`--bucket-policy-rules` (json)

Rule specifies which role must be given to a subject to access a set of objects with given
prefixes or a whole bucket.

(structure)

anonymous -> (structure)\[meaningful\_empty\_value]

Enable anonymous access. Only read-only roles are allowed in anonymous mode.

Mutually exclusive with: group\_id.

group\_id -> (string)

Group ID to grant access to.

Mutually exclusive with: anonymous.

paths -> (string)

A list of paths each of which is either a full object key or a prefix ending with a
single "*" wildcard character. A rule is only applied to objects matching any of paths.
If there is a path equal to "*", a rule applies to a whole bucket.

roles -> (string)

A set of roles which a subject will have. All `storage.*` roles are supported.

JSON Schema:

```json theme={null} [{ "anonymous": { }, "paths": [""], "roles": [""] }] ```

`--cors-rules` (json)

CORS rules.

(structure)

allowed\_headers -> (string)

Headers that are allowed in a preflight request through the Access-Control-Request-Headers header.

allowed\_methods -> (string)\[required]

HTTP methods CORS is allowed for: GET, PUT, POST, DELETE, HEAD.

allowed\_origins -> (string)\[required]

The origins that you want to allow cross-domain requests from. Single wildcard \* is allowed.

expose\_headers -> (string)

Headers in the response that you want customers to be able to access from their applications.

id -> (string)\[optional]

Optional rule identifier.

max\_age\_seconds -> (int32)\[optional]

Time in seconds that your browser can cache the response for a preflight request as identified by the resource.

JSON Schema:

```json theme={null} [{ "allowed_headers": [""], "allowed_methods": [""], "allowed_origins": [""], "expose_headers": [""], "id": "", "max_age_seconds": 0 }] ```

`--default-storage-class` (string)

Storage class to use by default for uploads to the bucket. It may be overridden by `x-amz-storage-class` header.
If not set - STANDARD is used as a default storage class.

A value must be one of:

`--force-storage-class` (bool)

Flag to force usage of default\_storage\_class, ignoring `x-amz-storage-class` header.

`--labels` (string->string)

Labels associated with the resource.

`--lifecycle-configuration-last-access-filter-conditions` (json)

A request is included in `days_since_last_access` calculations if:
* The first condition matching the request has `INCLUDE` type.
OR
* The request doesn't match any conditions.

(structure)

methods -> (string)

The s3 methods to match.
An empty list matches all methods.

A value must be one of:

type -> (string)\[required]

A value must be one of:

user\_agents -> (string)

User agents to match. Condition is satisfied if the request's user agent contains any of these substrings.
An empty list matches all user agents.

JSON Schema:

```json theme={null} [{ "methods": "method_unspecified"|"get_object"|"head_object"|"get_object_tagging"|"copy_object"|"upload_part_copy", "type": "type_unspecified"|"include"|"exclude" , "user_agents": [""] }] ```

`--lifecycle-configuration-rules` (json)

(structure)

abort\_incomplete\_multipart\_upload -> (structure)

Specifies the days since the initiation of an incomplete multipart upload that
the system will wait before permanently removing all parts of the upload.

days\_after\_initiation -> (int32)

Specifies the days since the initiation of an incomplete multipart upload that
the system will wait before permanently removing all parts of the upload.

expiration -> (structure)

Specifies the expiration for the lifecycle of the object in the form of date, days and,
whether the object has a delete marker.

date -> (timestamp)\[google.protobuf.Timestamp]

Indicates at what date the object will be deleted. The time is always midnight UTC.

Mutually exclusive with: days.

days -> (int32)

Indicates the lifetime, in days, of the objects that are subject to the rule.
The value must be a non-zero positive integer.

Mutually exclusive with: date.

expired\_object\_delete\_marker -> (bool)

Indicates whether the system will remove a "delete marker" with no noncurrent versions.
If set to true, the "delete marker" will be permanently removed.
If set to false the policy takes no action.
This cannot be specified with Days or Date in a LifecycleExpiration Policy.

filter -> (structure)\[non\_empty\_default]

The Filter is used to identify objects that a Lifecycle Rule applies to.
The Lifecycle Rule will apply to any object matching all of the predicates
configured inside (using logical AND).

object\_size\_greater\_than\_bytes -> (int64)

Minimum object size to which the rule applies.

object\_size\_less\_than\_bytes -> (int64)

Maximum object size to which the rule applies.

prefix -> (string)

Prefix identifying one or more objects to which the rule applies.
If prefix is empty, the rule applies to all objects in the bucket.

id -> (string)\[required]

Unique identifier for the rule per configuration.
The value cannot be longer than 255 characters.

noncurrent\_version\_expiration -> (structure)

Specifies when noncurrent object versions expire.
It works only on a bucket that has versioning enabled (or suspended).

newer\_noncurrent\_versions -> (int32)\[optional]

Specifies how many noncurrent versions the system will retain.

noncurrent\_days -> (int32)

Specifies the number of days an object is noncurrent before the system will expire it.

noncurrent\_version\_transition -> (structure)

Specifies the transition for the lifecycle of a noncurrent object.
It works only on a bucket that has versioning enabled (or suspended).

newer\_noncurrent\_versions -> (int32)\[optional]

Specifies how many noncurrent versions the system will retain without transition.

noncurrent\_days -> (int32)

Specifies the number of days an object is noncurrent before the system will transit it.

storage\_class -> (string)

Target storage class to transit to.

A value must be one of:

status -> (string)\[required]

A value must be one of:

transition -> (structure)

Specifies the transition for the lifecycle of an object in the form of date or days and
target storage class to transit object to.

date -> (timestamp)\[google.protobuf.Timestamp]

Indicates at what date the object will be transited. The time is always midnight UTC.

Mutually exclusive with: days, days\_since\_last\_access.

days -> (int32)

Amount of days since object was uploaded before it's transited to a new storage class.
The value must be a non-zero positive integer.

Mutually exclusive with: date, days\_since\_last\_access.

days\_since\_last\_access -> (int32)

The number of days since the object was last accessed before it is transitioned.

Mutually exclusive with: date, days.

storage\_class -> (string)

Target storage class to transit to.

A value must be one of:

JSON Schema:

```json theme={null} [{ "abort_incomplete_multipart_upload": { "days_after_initiation": 0 }, "expiration": { "date": "1970-01-31T02:30:59Z", "expired_object_delete_marker": false }, "filter": { "object_size_greater_than_bytes": 0, "object_size_less_than_bytes": 0, "prefix": "" }, "id": "", "noncurrent_version_expiration": { "newer_noncurrent_versions": 0, "noncurrent_days": 0 }, "noncurrent_version_transition": { "newer_noncurrent_versions": 0, "noncurrent_days": 0, "storage_class": "storage_class_unspecified"|"standard"|"enhanced_throughput"|"intelligent"|"filesystem" }, "status": "status_unspecified"|"enabled"|"disabled", "transition": { "date": "1970-01-31T02:30:59Z", "storage_class": "storage_class_unspecified"|"standard"|"enhanced_throughput"|"intelligent"|"filesystem" } }] ```

`--max-size-bytes` (int64)

Maximum bucket size.
Zero means unlimited.
Actual limit can be lower if customer doesn't have enough quota.
Real bucket size can go a little higher if customer writes too fast.

`--name` (string)

Human readable name for the resource.

`--object-audit-logging` (string)

Object audit logging specifies which requests must be logged - none, all or mutational only.

A value must be one of:

`--parent-id` (string) \[required]

Identifier of the parent resource to which the resource belongs.

`--resource-version` (int64)

Version of the resource for safe concurrent modifications and consistent reads.
Positive and monotonically increases on each resource spec change (but *not* on each change of the
resource's container(s) or status).
Service allows zero value or current.

`--versioning-policy` (string)

Supports transitions:
* disabled -> enabled
* disabled -> suspended
* enabled \<-> suspended.

A value must be one of:

`--async` (bool)

If set, returns operation id. Otherwise, waits for the operation to complete and returns its resource.

`-i, --interactive` (bool)

If set, suggests to insert field values in interactive mode.

Global Options

`-h, --help` (bool)

Show this message.

`-p, --profile` (string)

Set a profile for interacting with the cloud.

`--format` (string)

Output format. Supported values: yaml|json|jsonpath|table|text.

`-f, --file` (string)

Input file. For 'update' commands automatically set --full=true.

`-c, --config` (string)

Provide path to config file.

`--debug` (bool)

Enable debug logs.

`--color` (bool)

Enable colored output.

`--no-browser` (bool)

Do not open browser automatically on auth.

`--insecure` (bool)

Disable transport security.

`--auth-timeout` (duration: 2h30m10s)

Set the timeout for the request including authentication process, default is 15m0s.

`--per-retry-timeout` (duration: 2h30m10s)

Set the timeout for each retry attempt, default is 20s.

`--retries` (uint)

Set the number of retry attempts, 1 is disable retries, default is 3.

`--timeout` (duration: 2h30m10s)

Set the timeout for the main request, default is 1m0s.

`--no-check-update` (bool)

Suppress check for updates.

`--no-progress` (bool)

Suppress progress indicators and spinners.

```json theme={null} { "metadata": { // [required] "labels": { // [map] // Labels associated with the resource. string: string }, "name": string, // Human readable name for the resource. "parent_id": string, // [required] // Identifier of the parent resource to which the resource belongs. "resource_version": int64 // Version of the resource for safe concurrent modifications and consistent reads. // Positive and monotonically increases on each resource spec change (but *not* on each change of the // resource's container(s) or status). // Service allows zero value or current. }, "spec": { // [non_empty_default] "bucket_policy": { // Bucket policy specifies granular permissions for a bucket. "rules": [{ // Rule specifies which role must be given to a subject to access a set of objects with given // prefixes or a whole bucket. "anonymous": { // [meaningful_empty_value] // Cannot be set together with: group_id // Enable anonymous access. Only read-only roles are allowed in anonymous mode. }, "group_id": string, // Cannot be set together with: anonymous // Group ID to grant access to. "paths": [string], // A list of paths each of which is either a full object key or a prefix ending with a // single "*" wildcard character. A rule is only applied to objects matching any of paths. // If there is a path equal to "*", a rule applies to a whole bucket. "roles": [string] // A set of roles which a subject will have. All `storage.*` roles are supported. }] }, "cors": { // Cross-origin resource sharing configuration. "rules": [{ // CORS rules. "allowed_headers": [string], // Headers that are allowed in a preflight request through the Access-Control-Request-Headers header. "allowed_methods": [string], // [required] // HTTP methods CORS is allowed for: GET, PUT, POST, DELETE, HEAD. "allowed_origins": [string], // [required] // The origins that you want to allow cross-domain requests from. Single wildcard * is allowed. "expose_headers": [string], // Headers in the response that you want customers to be able to access from their applications. "id": string, // [optional] // Optional rule identifier. "max_age_seconds": int32 // [optional] // Time in seconds that your browser can cache the response for a preflight request as identified by the resource. }] }, "default_storage_class": enum( // Storage class to use by default for uploads to the bucket. It may be overridden by `x-amz-storage-class` header. // If not set - STANDARD is used as a default storage class. "STORAGE_CLASS_UNSPECIFIED", "STANDARD", "ENHANCED_THROUGHPUT", "INTELLIGENT", "FILESYSTEM" // Special storage class only for filesystem buckets. ), "force_storage_class": bool, // Flag to force usage of default_storage_class, ignoring `x-amz-storage-class` header. "lifecycle_configuration": { "last_access_filter": { // Specifies which requests are included in `days_since_last_access` calculations for all transition rules. "conditions": [{ // A request is included in `days_since_last_access` calculations if: // - The first condition matching the request has `INCLUDE` type. // OR // - The request doesn't match any conditions. "methods": enum( // The s3 methods to match. // An empty list matches all methods. "METHOD_UNSPECIFIED", "GET_OBJECT", "HEAD_OBJECT", "GET_OBJECT_TAGGING", "COPY_OBJECT", // Copy object method reads the source object. // We account for those operations as source object accesses when calculating `days_since_last_access` for source object. "UPLOAD_PART_COPY" // Upload part copy method reads the source object. // We account for those operations as source object accesses when calculating `days_since_last_access` for source object. ), "type": enum( // [required] "TYPE_UNSPECIFIED", "INCLUDE", // If an include type condition is the first condition that the request match, the request will be included in // `days_since_last_access` calculation. "EXCLUDE" // If an exclude type condition is the first condition that the request match, the request will be ignored in `days_since_last_access` // calculation. ), "user_agents": [string] // User agents to match. Condition is satisfied if the request's user agent contains any of these substrings. // An empty list matches all user agents. }] }, "rules": [{ "abort_incomplete_multipart_upload": { // Specifies the days since the initiation of an incomplete multipart upload that // the system will wait before permanently removing all parts of the upload. "days_after_initiation": int32 // Specifies the days since the initiation of an incomplete multipart upload that // the system will wait before permanently removing all parts of the upload. }, "expiration": { // Specifies the expiration for the lifecycle of the object in the form of date, days and, // whether the object has a delete marker. "date": "1970-01-31T02:30:59Z", // [google.protobuf.Timestamp] // Cannot be set together with: days // Indicates at what date the object will be deleted. The time is always midnight UTC. "days": int32, // Cannot be set together with: date // Indicates the lifetime, in days, of the objects that are subject to the rule. // The value must be a non-zero positive integer. "expired_object_delete_marker": bool // Indicates whether the system will remove a "delete marker" with no noncurrent versions. // If set to true, the "delete marker" will be permanently removed. // If set to false the policy takes no action. // This cannot be specified with Days or Date in a LifecycleExpiration Policy. }, "filter": { // [non_empty_default] // The Filter is used to identify objects that a Lifecycle Rule applies to. // The Lifecycle Rule will apply to any object matching all of the predicates // configured inside (using logical AND). "object_size_greater_than_bytes": int64, // Minimum object size to which the rule applies. "object_size_less_than_bytes": int64, // Maximum object size to which the rule applies. "prefix": string // Prefix identifying one or more objects to which the rule applies. // If prefix is empty, the rule applies to all objects in the bucket. }, "id": string, // [required] // Unique identifier for the rule per configuration. // The value cannot be longer than 255 characters. "noncurrent_version_expiration": { // Specifies when noncurrent object versions expire. // It works only on a bucket that has versioning enabled (or suspended). "newer_noncurrent_versions": int32, // [optional] // Specifies how many noncurrent versions the system will retain. "noncurrent_days": int32 // Specifies the number of days an object is noncurrent before the system will expire it. }, "noncurrent_version_transition": { // Specifies the transition for the lifecycle of a noncurrent object. // It works only on a bucket that has versioning enabled (or suspended). "newer_noncurrent_versions": int32, // [optional] // Specifies how many noncurrent versions the system will retain without transition. "noncurrent_days": int32, // Specifies the number of days an object is noncurrent before the system will transit it. "storage_class": enum( // Target storage class to transit to. "STORAGE_CLASS_UNSPECIFIED", "STANDARD", "ENHANCED_THROUGHPUT", "INTELLIGENT", "FILESYSTEM" // Special storage class only for filesystem buckets. ) }, "status": enum( // [required] "STATUS_UNSPECIFIED", "ENABLED", "DISABLED" ), "transition": { // Specifies the transition for the lifecycle of an object in the form of date or days and // target storage class to transit object to. "date": "1970-01-31T02:30:59Z", // [google.protobuf.Timestamp] // Cannot be set together with: days, days_since_last_access // Indicates at what date the object will be transited. The time is always midnight UTC. "days": int32, // Cannot be set together with: date, days_since_last_access // Amount of days since object was uploaded before it's transited to a new storage class. // The value must be a non-zero positive integer. "days_since_last_access": int32, // Cannot be set together with: date, days // The number of days since the object was last accessed before it is transitioned. "storage_class": enum( // Target storage class to transit to. "STORAGE_CLASS_UNSPECIFIED", "STANDARD", "ENHANCED_THROUGHPUT", "INTELLIGENT", "FILESYSTEM" // Special storage class only for filesystem buckets. ) } }] }, "max_size_bytes": int64, // Maximum bucket size. // Zero means unlimited. // Actual limit can be lower if customer doesn't have enough quota. // Real bucket size can go a little higher if customer writes too fast. "object_audit_logging": enum( // Object audit logging specifies which requests must be logged - none, all or mutational only. "OBJECT_AUDIT_LOGGING_UNSPECIFIED", "NONE", // Logging is disabled. "MUTATE_ONLY", // Logging enabled only for mutating requests. "ALL" // Logging enabled for all requests. ), "versioning_policy": enum( // [non_empty_default] // Supports transitions: // * disabled -> enabled // * disabled -> suspended // * enabled <-> suspended. "VERSIONING_POLICY_UNSPECIFIED", "DISABLED", "ENABLED", "SUSPENDED" ) } } ``` ```json theme={null} nebius storage bucket create ' { "metadata": { "labels": { "": "" }, "name": "", "parent_id": "", "resource_version": 0 }, "spec": { "bucket_policy": { "rules": [{ "anonymous": { }, "paths": [""], "roles": [""] }] }, "cors": { "rules": [{ "allowed_headers": [""], "allowed_methods": [""], "allowed_origins": [""], "expose_headers": [""], "id": "", "max_age_seconds": 0 }] }, "default_storage_class": "storage_class_unspecified"|"standard"|"enhanced_throughput"|"intelligent"|"filesystem", "force_storage_class": false, "lifecycle_configuration": { "last_access_filter": { "conditions": [{ "methods": "method_unspecified"|"get_object"|"head_object"|"get_object_tagging"|"copy_object"|"upload_part_copy", "type": "type_unspecified"|"include"|"exclude" , "user_agents": [""] }] }, "rules": [{ "abort_incomplete_multipart_upload": { "days_after_initiation": 0 }, "expiration": { "date": "1970-01-31T02:30:59Z", "expired_object_delete_marker": false }, "filter": { "object_size_greater_than_bytes": 0, "object_size_less_than_bytes": 0, "prefix": "" }, "id": "", "noncurrent_version_expiration": { "newer_noncurrent_versions": 0, "noncurrent_days": 0 }, "noncurrent_version_transition": { "newer_noncurrent_versions": 0, "noncurrent_days": 0, "storage_class": "storage_class_unspecified"|"standard"|"enhanced_throughput"|"intelligent"|"filesystem" }, "status": "status_unspecified"|"enabled"|"disabled", "transition": { "date": "1970-01-31T02:30:59Z", "storage_class": "storage_class_unspecified"|"standard"|"enhanced_throughput"|"intelligent"|"filesystem" } }] }, "max_size_bytes": 0, "object_audit_logging": "object_audit_logging_unspecified"|"none"|"mutate_only"|"all" , "versioning_policy": "versioning_policy_unspecified"|"disabled"|"enabled"|"suspended" } } ' ``` Auto generated on 12-May-2026