Storage - Buckets

1. System Context

Developers use Nitric to declare buckets within their application.

  • App code uses the Bucket resource from the Nitric SDK.
  • Developers configure buckets and implement application logic to securely access and manipulate bucket data.
  • Developers request the level of access they require for the bucket in their application logic e.g. read, write, delete.
  • Developers can implement handlers for on events such as read, write or delete.

Operations use default or overridden Terraform modules to provision the necessary resources for their target cloud.

Example AWS Provider
  • AWS S3 serves as the storage backend.
  • AWS Lambda functions are used to process events triggered by S3.
  • AWS IAM provides roles and policies for secure access to S3 buckets and Lambda functions, enforcing least priviledge access based on the developers request.
Code
Terraform
Create S3 Bucket
Configure Notifications
Allow Lambda Invocation
Store/Retrieve Data/Trigger onEvents
Provide Access
Developer
Operations
nitric up
AWS S3 Bucket
AWS Lambda Functions
AWS IAM
Example GCP Provider
  • Google Cloud Storage serves as the storage backend.
  • Google Cloud Pub/Sub is used to publish events triggered by Cloud Storage notifications.
  • Google IAM provides roles and policies for secure access to Cloud Storage buckets and Pub/Sub topics, enforcing least privilege access based on the developer's request.
Code
Terraform
Create Storage Bucket
Configure Notifications
Allow Pub/Sub Publishing
Publish Events
Deliver Notifications
Provide Access
Store/Retrieve Data/Trigger onEvents
Developer
Operations
nitric up
Google Cloud Storage Bucket
Google Pub/Sub Topic
Google Pub/Sub Subscription
Google IAM
AWS Lambda Functions

2. Sequence

ClientNitric SDKNitric RuntimeCloud Storage (e.g., S3, GCS)alt[Successful Operation][Failure]Perform storage operation (e.g., write, read, delete)Forward storage API callExecute storage operationReturn result (e.g., data or success status)Return resultReturn result to clientReturn errorForward errorReturn error responseClientNitric SDKNitric RuntimeCloud Storage (e.g., S3, GCS)

3. Component

Bucket Module

  • Ensures storage buckets have unique names by appending a randomly generated identifier. This avoids naming conflicts and aligns with best practices for globally accessible cloud resources.
  • Supports the addition of metadata tags for resource identification, management, and tracking, enabling better governance.
  • Configures storage bucket notifications to trigger functions or message queues based on specified events (e.g., object creation, update, or deletion).
  • Implements least privilege access by dynamically assigning permissions to functions or services that interact with the storage bucket.
  • Uses templates or dynamic blocks to handle multiple notification targets, allowing scalability and flexibility for different workflows.

4. Code

Developers write application code that uses the Bucket resource from the SDK, configures the bucket, and implements the application logic to read, write and delete files.

SDK Reference by language -

Operations will use or extend the Nitric Terraform reference modules:

Edit this page on GitHub
Last updated on Jan 24, 2025