Files Overview
FoundryDB Files is S3-compatible object storage built into the platform. Each files service is one private bucket, provisioned in minutes, hosted in the same European or US region as your databases and apps.
What Files Provides
| Capability | Details |
|---|---|
| S3-compatible API | Works with any S3 SDK, CLI, or tool without modification |
| Scoped access keys | Mint credentials restricted to a prefix and permission level |
| Presigned URLs | Time-limited signed URLs for browser-direct uploads and downloads |
| App attachment | Attach to a hosted app and credentials are injected as environment variables automatically |
| Console object browser | List and delete objects from the platform API |
| Storage quotas | Soft quota triggers a notification; hard quota blocks new uploads while reads continue |
How a Files Service Works
Provisioning is asynchronous. A POST /file-services call returns immediately with a Pending service. The controller provisions the bucket and transitions the service through ProvisioningBucket to Running. Poll GET /file-services/{id} or watch the dashboard to confirm readiness.
Each bucket is provisioned with versioning, server-side encryption, and a noncurrent-version expiry lifecycle rule enabled by default. You do not need to configure these.
Security Model
Access is private by default. An unsigned anonymous request returns 403. Objects are reachable only through:
- A signed S3 request using a scoped access key
- A presigned URL issued by the platform API
- An app container whose attachment key is injected automatically
There is no public-read mode.
Regions and Endpoints
Buckets are placed on a platform-managed object storage instance for the region that covers your selected zone.
| Zone region | S3 endpoint |
|---|---|
europe (se-sto1, fi-hel1, de-fra1, …) | https://eu.files.foundrydb.com |
| us | https://us.files.foundrydb.com |
Addressing is virtual-host style. The effective URL for an object is:
https://{bucket-name}.eu.files.foundrydb.com/{object-key}
When configuring an S3 client, use the region endpoint (eu.files.foundrydb.com or us.files.foundrydb.com) as the endpoint override. The SDK prepends the bucket label automatically.
Quotas
Every service has a soft quota and a hard quota, both in GB.
- Crossing the soft quota sends a notification.
- While measured usage exceeds the hard quota, upload presigning and access key creation return
403. Read operations continue so you can inspect and evacuate data.
Default quotas are 400 GB (soft) and 500 GB (hard). You can set custom values at creation time.
When to Use Files
Files is a good fit when you need:
- User-uploaded content stored next to a colocated database
- Presigned PUT URLs so browsers upload directly without routing bytes through your app
- Outputs from batch jobs (exports, reports, model artifacts) that other services consume later
- Least-privilege storage credentials scoped to individual apps with automatic rotation on detach
It is a single-bucket, single-region service. It does not replace multi-region object storage or provide CDN delivery.
What's Next
- Buckets and Keys — create a service and mint credentials
- Using S3 Clients — AWS CLI and SDK examples
- Attach to Apps — automatic credential injection for hosted apps