> For the complete documentation index, see [llms.txt](https://docs.flashback.tech/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.flashback.tech/guides/setup-the-cloud-and-ai-gateway/start-with-cloud-storage/create-a-bucket.md).

# Configure a Bucket

{% hint style="info" %}
We highly recommend to read the page describing the [Cloud Storage](/flashgate-platform/cloud-and-ai-gateway/cloud-storage.md) in Flashgate and you can also set up a bucket with our [API calls](/support-reference/platform-api-reference/storage-apis/bucket-management.md).
{% endhint %}

{% hint style="danger" %}
The guide is experimental and may contain errors as our technology continues to evolve. If you encounter any problems, please do not hesitate to contact us in [Discord](https://discord.com/invite/yy8kyM5qFB) and give us your feedback.
{% endhint %}

## Properties

Each bucket has the following properties:<br>

* **Bucket Label** (required)\
  A human-readable description of the bucket.
* **Storage Type**\
  Supported storage types according to its API interface:

  * AWS S3 or equivalent S3-compatible storage buckets indicating the custom endpoint.
  * Google Cloud Storage or equivalent GCS-compatible storage buckets indicating the custom endpoint.
  * Microsoft Azure Blob.

  Example: Connect to an S3-compatible endpoint, you will select “S3”.

## Access Mechanisms for Flashgate

There are 2 access mechanisms to the APIs:

* **Classic access**\
  Providing API key/secret (S3) or client email/private key (GCS).
* **Delegated access to** [**Flashgate platform account**](/guides/configure-external-delegated-credentials.md)\
  Only available if we access a native S3/GCS/Azure Blob endpoint:
  * **S3**: Require an access Role ARN (resource name) and external ID created for Flashgate AWS user, with the access policy configured for the destination bucket(s).
  * **GCS**: Flashgate service account (GCS) with token creation permission and permissions to the GCS buckets.
  * **Azure**: Flashgate Azure identity with guest/service-principal access granted through RBAC at storage account or container scope. See [Azure Blob delegated access](/guides/configure-external-delegated-credentials/configure-external-access-for-azure-blob.md).

{% hint style="info" %}
For general details explaining how the delegation process/grant guest access works:

* In AWS/S3, check out [this article](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_common-scenarios_third-party.html).
* In Google Cloud/GCS, check out [this article](https://cloud.google.com/iam/docs/manage-access-service-accounts).
* In Azure/Blob, check out [this article](https://learn.microsoft.com/en-us/azure/storage/blobs/assign-azure-role-data-access?tabs=portal).
  {% endhint %}

## Storage Type

{% hint style="danger" %}
All bucket and storage-account names must be globally unique across S3, GCS, and Azure—no two providers can use the same name. This is essential for a stable integration in the [Repositories](/flashgate-platform/cloud-and-ai-gateway/repositories.md).\
**Collisions such as an S3/GCS bucket named `mybucket` and an Azure storage account or container under `mybucket` are not allowed, though multiple containers from the&#x20;*****same*****&#x20;Azure storage account are permitted.**
{% endhint %}

### AWS S3 or Compatible Provider

You must indicate the parameters to allow access the remote bucket.

* **Bucket Name**\
  As it appears in the S3 configuration or in the URLs.
* **Access Key/ARN** (required)\
  API key or [AWS delegated Role ARN](/guides/configure-external-delegated-credentials/configure-external-access-for-aws-s3.md) to access the bucket.
* **Secret Key** (required)\
  API secret or [External ID](/guides/configure-external-delegated-credentials.md#configure-external-access-for-aws-s3) to access the bucket.
* **Endpoint** (optional)\
  An URL for the endpoint. **If empty, we assume we are connecting to AWS**. If not empty, we assume a non-AWS S3-compatible API endpoint from an external data provider.
* **Region** (required if **endpoint** field is empty)\
  AWS region the bucket is in. Not needed if we provide a custom, non-AWS endpoint.

### GCS or Compatible Provider

You must indicate the parameters to allow access the remote bucket.

* **Bucket Name**\
  As it shows in the Project storage section.
* **Client Email** (required)\
  Client email to access the bucket. It can be the service account or a [delegated service account](/guides/configure-external-delegated-credentials/configuring-external-access-for-gcss-buckets.md) that has been configured to grant external access to Flashgate's service account
* **Private Key** (empty if delegated access)\
  Private key to access the bucket.
* **Endpoint**\
  An URL of the endpoint. If empty, we assume we are connecting to a GCS bucket. If not empty, we assume a non-GCP GCS-compatible API endpoint from an external data provider.

### Microsoft Azure

You must indicate the parameters to allow access the remote bucket (container in Azure terms).

* **Storage Account**
* **Container**
* **Access key**: account key from Azure Storage Account (optional in delegated setups). For delegated guidance, see [Configure Azure Blob delegated access](/guides/configure-external-delegated-credentials/configure-external-access-for-azure-blob.md).

## Instructions

Here’s a step-by-step guide to creating a new Bucket in the Flashgate Platform:

{% stepper %}
{% step %}

#### Access the Buckets page

In the left-hand menu, select **Storage** → **Buckets**.
{% endstep %}

{% step %}

#### Create a new Connector (called Bucket)

Click the + **Add Bucket** button and select the provider where you will connect your tenant bucket or storage account to this Flashgate bucket.
{% endstep %}

{% step %}

#### Fill in the Bucket properties

On the “Create Bucket” form, enter the following fields (all are required unless noted otherwise):

**Bucket Label:** human-readable label for this bucket of the Flashgate Platform (e.g. “Backups-EU”).

{% hint style="info" %}
We recommend to have unique name per bucket to avoid issues when you'll set up [your repository](/flashgate-platform/cloud-and-ai-gateway/repositories.md).
{% endhint %}

**Storage Type:** You can choose of:

* **S3** (AWS or any S3-compatible endpoint provider)
* **GCS** (GCP or any GCS-compatible endpoint provider)
* **Azure Blob** (only Microsoft Azure)
  {% endstep %}

{% step %}

#### Add Vendor's Bucket

***AWS or any S3-compatible provider***

* **Bucket Name:** The exact identifier as defined by your provider in your vendor tenant (e.g. the S3 bucket name in your AWS account).
* **Access Key**: Your S3 API Key/AWS access key ID **OR** the IAM Role ARN if using [AWS delegated Role ARN](/guides/configure-external-delegated-credentials/configure-external-access-for-aws-s3.md)
* **Secret Key**: Your AWS secret key **OR** External ID for delegated roles
* **Endpoint** *(optional)*: custom S3 endpoint URL **OR** leave blank if using AWS
* **Region**: AWS region required if no custom endpoint.

***GCP or any GCS-compatible provider***

* **Bucket Name:** The exact identifier as defined by your provider in your vendor tenant (e.g. the S3 bucket name in your GCS account).
* **Client Email**: Your service account email **OR** a [delegated service account](/guides/configure-external-delegated-credentials/configuring-external-access-for-gcss-buckets.md)
* **Private Key**: service account private key **OR** leave blank if using delegated access
* **Endpoint** *(optional)*: custom GCS-compatible endpoint **OR** leave blank if using GCP

***Azure***

* **Storage Account**: your Azure storage account name
* **Container**: the container within that account
* **Access Key** *(optional)*: account key **OR** leave blank for delegated guest access
  {% endstep %}

{% step %}

#### Save your new Bucket

Click **Save** (or **Create**) at the bottom of the form. Your bucket will now appear in the list, and you can begin using it in Repositories, generate API keys, or attach it to workflows.
{% endstep %}
{% endstepper %}


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.flashback.tech/guides/setup-the-cloud-and-ai-gateway/start-with-cloud-storage/create-a-bucket.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.