S3 object storage workflow

Secure storage of S3 access keys

Upload files to an S3 bucket with verification

List S3 bucket contents and select files

Download files from S3 bucket


Support for AWS, Backblaze and Wasabi S3 cloud storage
Other S3 storage providers using AWS API may be compatible
Directly uploading to S3 from tape or downloading from S3 to tape is not recommended
Any bandwidth limitations will cause the tape drive to over or under-run
Instead use local storage and create two jobs on YoYotta

S3 support requires YoYotta Server subscription and at least one YoYotta v4 subscription

Secure storage of S3 access keys

Manage S3 access keys

Log in to the YoYotta Server as an admin user.
Then select Admin, Objects in the sidebar.
All the S3 access keys will be listed.

Here is an example of minimum AWS S3 IAM Permissions
To disable downloads remove s3:GetObject
To disable uploads remove s3:PutObject

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "s3:ListBucket",
                "s3:GetBucketLocation"
            ],
            "Resource": "arn:aws:s3:::your-bucket-name"
        },
        {
            "Sid": "VisualEditor1",
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:GetObject"
            ],
            "Resource": "arn:aws:s3:::your-bucket-name/*"
        }
    ]
}

Or leave the AWS IAM settings as shown above and adjust the Mode options in the YoYotta Server Keys table, choose between Upload+Download, Upload only or Download only.
The mode can also be set to list only, handy to allow a user to check the bucket contents but not have any upload/download access.
For added security limit use of the S3 key to a specific YoYotta Server user, IP address and computer MAC address.
Set an expiry for the key from today or from first use.


Add a new key

Enter a name as a reference
Enter the access and secret keys.
For Backblaze and Wasabi enter the bucket endpoint. This is not needed for AWS S3 storage.
If the key allows access to multiple buckets you can limit which ones can be accesed by adding one or more bucket names.
Also the prefix can limit access just to certain folders inside the bucket.


Activate required keys

There are two ways to toggle the key's Active flag.

  • Alt click in the cell
  • Select the cell and click the edit button in the table toolbar

The YoYotta Mac client has to log into the server and will only see active keys.
Keys are secure, as they are never stored and cannot be viewed on the Mac.

Upload files to S3 buckets with verification

Choose the upload bucket

Here the active buckets are listed.
Choose a bucket


Check the paths

Click on Edit Path... to set the required destination paths.


Set the Upload speed

Open the Server setup panel and click the S3 button.
Set the maximum transfer speed. Limiting the speed is a good idea if the internet connection is shared.


Start the upload

The upload progress is shown. The speeds are bits per second. Divide by 8 to get bytes per second.


Upload completed


S3 storage classes

When viewing a storage bucket in the Source Browser the storage class for each object is listed in the S3 Class column.
The Restore column shows if an object can be downloaded. If there is a red status then this means that the object must be restored from Glacier storage before it can be downloaded.
Use the AWS S3 Console to initiate the restore. Whilst this is in progress the Restore status will be orange.
YoYotta will automatically skip objects that are not available for download.

  • S3 Standard
  • General purpose storage for frequently accessed data
  • S3 Standard IA
  • Infrequently accessed data that needs millisecond access
  • S3 One Zone IA
  • Re-creatable infrequently accessed data
  • S3 Glacier Instant Retrieval
  • Long-lived data that is accessed a few times per year with instant retrievals
  • S3 Glacier Flexible Retrieval
  • Backup and archive data that is rarely accessed and low cost
  • S3 Glacier Deep Archive
  • Archive data that is very rarely accessed and very low cost


List S3 buckets contents and select files

Select a bucket

Click the + button above the job table.
The active buckets that have been setup on the YoYotta Server will appear.
Select S3 Buckets in the dropdown in the bottom left.
Select the bucket.
Click Add Selected


View bucket contents in Source Browser

Note that thumbnails will only be shown if this Mac was used to index and create thumbnails of the content before uuploading to S3 storage.

Download files from S3 bucket

Select and add a source bucket as shown above.
Add a destination.


Start the download


All files downloaded

© 2025 YoYotta Back to Top