Skip to main content

About Authentication and Access Control

Authentication and authorization for AI Object Storage

Before you start using AI Object Storage, you must set up access tokens, access keys, and organization access policies. Bucket access policies are optional for finer-grained control. The Object Storage API lets you manage access keys and policies programmatically, while the Object Storage S3 endpoint lets you create and manage buckets and objects.

Authentication summary table

This table summarizes the authentication required to use each AI Object Storage API and interface:

API/InterfacePurposeAuthentication Required
Object Storage API
api.coreweave.com
IAM management
Create access keys, org policies
Access tokens with admin or write permissions for AI Object Storage
Object Storage S3-compatible endpoints
cwobject.com or cwlota.com
Storage operations
Manage buckets, upload objects
Access keys to authenticate users
Cloud ConsoleBoth IAM and StorageAccess Tokens (IAM)
Access Keys (Storage)

When ready to move to production, you can use Workload Identity Federation to create more secure access keys.

Using policies for access control

After you create access tokens and access keys for authentication, you must create an organization policy to control access to AI Object Storage resources in your project. Optionally, you can also set bucket-level policies for finer-grained access control. Learn how organization and bucket policies are evaluated, and create an organization policy.

Get started