Build COS bucket configurations with storage classes, encryption, lifecycle rules, and object lock.
Last verified: May 2026
Build COS bucket configurations with storage classes, encryption, lifecycle rules, object lock, and IAM policies.
Required Fields
instanceNamebucketsbuckets[0].namebuckets[0].storageClassOutput will appear here...IBM Cloud Object Storage (COS) is S3-compatible object storage with tiered storage classes (Standard, Vault, Cold Vault, Smart Tier), encryption options, and lifecycle policies. The COS Bucket Builder produces complete bucket configurations — storage class, encryption (default, BYOK, KYOK), lifecycle rules, object lock for compliance, and cross-region replication. Output is Terraform-ready and matches `ibm_cos_bucket` parameters.
A regulatory requirement mandates 7-year retention of transaction logs that cannot be deleted by anyone, including system administrators. You configure a COS bucket with object lock in compliance mode and a 2557-day retention, plus KYOK encryption with keys held in Hyper Protect. The configuration goes through Terraform and the audit team has both the documented config and Terraform-state evidence. The audit signs off, and no further effort is needed to maintain the retention guarantee.
Use Smart Tier if your access pattern is unpredictable. It moves objects between hot and cold storage automatically based on access, charging a small monitoring fee but saving you from the wrong-class lock-in.
Set object lock thoughtfully — once enabled, the retention period cannot be shortened. A 7-year retention you enabled accidentally on a 100 TB bucket is a 7-year storage bill you cannot reduce.
The builder collects bucket name, region (or cross-region/regional), storage class, encryption (default, KMS-managed, KYOK), lifecycle rules, object lock config, and replication targets. It validates the combination — for example, object lock requires versioning enabled — and emits an `ibm_cos_bucket` Terraform resource with all the configuration. Replication produces a separate `ibm_cos_bucket_replication_rule` resource.
Was this tool helpful?
Disclaimer: This tool runs entirely in your browser. No data is sent to our servers. Always verify outputs before using them in production. AWS, Azure, and GCP are trademarks of their respective owners.