No third-party library is required.
A container is an S3 bucket and an S3 account. Access key ID and Secret access key must be provided.
Access keys can be from the account credentials that have rights to all services or from credentials that have limited IAM policies attached. Read how to control access credentials.
The bucket may already exist, but if it is, it must be empty and owned by the account associated with the access key ID.
S3 buckets have a global namespace, so it is not possible to get a bucket that someone else is already using. For that reason, this service will never attempt to delete a bucket.
If the 'Serve with CloudFront' option is enabled, then a CloudFront distribution will be attached to the S3 bucket. This takes several minutes. Storage API will poll CloudFront during cron to determine when the distribution has been deployed. Until this occurs files will be served directly from S3.
If the 'Stream with CloudFront' option is enabled, then a CloudFront streaming distribution will be attached to the S3 bucket.
The geographical location of the bucket can also be selected. The options are US Standard (default), US-West (Northern California) and EU (Ireland).
A container with access control enabled will only serve a file when the URL has been cryptographically signed. This service does this automatically. The URL lifetime setting defines how long the signed URLs will operate for. Be aware that if these URLs are cached anywhere, they may have already expired when sent out to the client if the lifetime is not sufficiently large.
This service supports Storage API's 'can_copy' functionality. This means that files can be copied between S3 containers directly. This is considerably faster than downloading and uploading, and does not incur a charge.