How to connect Scaleway Object Storage

This tutorial provides a clear, step-by-step process for creating an IAM API Key in Scaleway. This key will be associated with an Application in Scaleway, and will be used by KaloraCloud to write to your Object Storage.

Step 0: Start a connection in KaloraCloud

To start, open Cloud Connections in your Kalora Dashboard.

💡 Comfortable with a command line? If you’d rather run a script, check out our step-by-step CLI guide instead.

Note: If you’re comfortable with a command-line, see how to quickly Connect Scaleway with CLI.

Step 1: Create a New Application

Next, in your Scaleway console, you need to create an “Application” which will act as the identity for your API key.

Navigate to Identity and Access Management (IAM) in your Scaleway console.
Click on the Applications tab.
Click the + Create application button.
Give your application a clear Name (e.g., kalora-storage-app) and an optional description.
Important: Do not attach a policy at this stage. Leave the policy field blank and click Create application.

Navigating to the Applications tab and clicking Create application.

Filling in the application name and description.

Step 2: Generate a New API Key

Now that the application exists, you can generate an API key for it.

While still in IAM, click on the API keys tab.
Click the + Generate API key button.

Navigating to the API keys tab and clicking Generate API key.

Step 3: Configure the API Key Bearer

Here, you’ll link the new key to the application you created.

For the “API key bearer”, select An application.
In the dropdown, choose the application you just created (e.g., kalora-storage-app).
Set the Expiration to Never for a long-lasting key.

Selecting the application as the bearer and setting the expiration to never.

Step 4: Set the Preferred Project

To ensure the key has the correct default context for its operations, associate it with your primary project.

Select Yes, set up preferred Project.
Choose the Project that contains your Object Storage buckets from the dropdown menu.
Click Generate API key.

Setting the preferred project for the API key.

Step 5: Finish your connection

This is the most critical step. Scaleway will only show you the Secret Key once.

The modal window will display your Access Key and Secret Key.
Immediately copy the Secret Key and go back to Kalora.
Paste the Access Key and the Secret Key in your cloud connection.

Note: If you lose the Secret Key, you must delete this API key and generate a new one.

Step 6: Define IAM Policy Permissions

After saving the connection, you need to go back to Scaleway console and create a policy to grant Kalora specific permissions to write to your buckets.

1. Create Policy & Assign Principal

Navigate to IAM > Policies and click + Create policy.
Give the policy a clear Name (e.g., kalora-object-storage-policy).
For the Principal, select Application and choose the app you created earlier.
Click Add rules.

Naming the policy and assigning the application as its principal.

2. Define the Rule’s Scope

Select Access to resources.
Choose the Project where your storage buckets will be.
Click Validate.

Setting the policy rule to scope access to resources within a specific project.

3. Set Storage Permissions

In the Permission sets list, select Storage.
Check the boxes for ObjectStorageObjectsRead and ObjectStorageObjectsWrite.
Click Create policy.

Selecting read and write permissions for Object Storage objects.

Step 7: Create the Object Storage Buckets

Finally, create the buckets where your files will be stored.

Navigate to Object Storage from the main console menu.
Click + Create bucket.
Choose a Region. If you deploy in multiple regions, you will need one bucket per region.
Enter a unique Bucket name.
If you need multiple regions, a good way to get an unique name is to append the region name to it.
- for example my-bucket-par, my-bucket-ams, my-bucket-war.
Set the visibility to Private and do not enable Versioning.
Click Create bucket.

Configuring and creating a new private Object Storage bucket.