# Tigris Web Console [Tigris Web Console](https://console.storage.dev/) is the browser UI for creating buckets, uploading objects, managing access keys, and configuring bucket settings. ## Getting Started[​](#getting-started "Direct link to Getting Started") 1. Create an account at [storage.new](https://storage.new/). 2. Create a bucket with a unique name. 3. Create [access keys](https://console.storage.dev/createaccesskey) and upload data with any [S3-compatible tool, library, or extension](/docs/sdks/s3/.md). ## Manage access with IAM[​](#manage-access-with-iam "Direct link to Manage access with IAM") Tigris supports fine-grained access control through familiar AWS-style IAM policies, including `Condition` blocks for IP and date-based restrictions. In the [Access Keys](https://console.storage.dev/createaccesskey) page of the Web Console you can: * Create access keys scoped to specific buckets with `Admin`, `Editor`, or `ReadOnly` permissions. * Attach IAM policies that allow or deny specific S3 actions (`s3:GetObject`, `s3:PutObject`, `s3:ListBucket`, etc.) at the bucket, prefix, or object level. * Use `Condition` blocks to restrict a key by source IP (`IpAddress`, `NotIpAddress`) or by time window (`DateGreaterThan`, `DateLessThan`, etc.) — useful for locking a key to a CI runner's IP range or auto-expiring a credential. Policies use the standard AWS IAM JSON syntax (`Version`, `Statement`, `Effect`, `Action`, `Resource`, `Condition`), so existing AWS policies port over directly. Two prebuilt roles control dashboard access for organization members: `Member` (list and create buckets) and `Admin` (full access plus member management). See [IAM Overview](/docs/iam/.md), [Manage Access Keys](/docs/iam/manage-access-key/.md), and [IAM Policies](/docs/iam/policies/.md). ## Choose a storage tier[​](#choose-a-storage-tier "Direct link to Choose a storage tier") Each bucket has a default storage tier. Pick one based on access patterns: * **Standard** — frequently accessed data. * **Infrequent Access** — lower cost for data accessed less often. * **Archive** — lowest cost; objects need a restore step (\~1 hour) before access. * **Archive Instant Retrieval** — low cost with no restore step. Override the tier per object at upload time using the S3 storage class (`STANDARD`, `STANDARD_IA`, `GLACIER`, `GLACIER_IR`). See [Storage Tiers](/docs/objects/tiers/.md). ## Configure bucket settings[​](#configure-bucket-settings "Direct link to Configure bucket settings") Open a bucket and click **Settings** to configure: * **Public / Private Access** — set the default ACL for the bucket, and optionally enable per-object ACLs. See [Public Buckets](/docs/buckets/public-bucket/.md) and [Object ACLs](/docs/objects/acl/.md). * **Snapshots and Forks** — capture **whole-bucket point-in-time snapshots** and create zero-copy forks of them. Must be enabled at **bucket creation time** — can't be turned on for an existing bucket. See [Bucket Snapshots and Forks](/docs/buckets/snapshots-and-forks/.md). * **Bucket Sharing** — share a bucket with other organization members or outside collaborators. See [Bucket Sharing](/docs/buckets/sharing/.md). * **Bucket Location**, **Cache Control**, **TTL**, **Object Lifecycle**, **Custom Domains**, **CORS**, **Object Notifications**, and **Deletion Protection**. For the full list, see [Bucket Settings](/docs/buckets/settings/.md). ## Migrate from another S3 provider[​](#migrate-from-another-s3-provider "Direct link to Migrate from another S3 provider") On a bucket's **Settings** page in the Web Console you can configure a **shadow bucket** that lazily migrates data from your existing S3-compatible bucket as it's accessed, with no upfront copy. With **write-through mode** enabled, new writes are mirrored back to the source so you can roll back until you're ready to cut over. Open a bucket → **Settings** → **Enable Data Migration** → provide the source endpoint and credentials. See [Migrate to Tigris](/docs/migration/.md) and the provider-specific guides: [AWS S3](/docs/migration/aws-s3/.md), [Google Cloud Storage](/docs/migration/gcs/.md), [Cloudflare R2](/docs/migration/cloudflare-r2/.md), [MinIO](/docs/migration/minio/.md), and [other S3-compatible providers](/docs/migration/s3-compatible/.md).