Currently, we are able to configure various options for our backup storage. One of these options is S3-compatible, which largely adheres to S3 standards.

Some time ago, Cloudflare introduced R2, an object storage solution that is S3-compatible to a certain extent. I have tested it, and it works well with ISPManager, but only if we configure full access to our buckets within R2 (granting admin access rights).

When configuring API tokens for buckets, we have these four options on the R2 side (Permissions specify the R2 Storage permission type for this token):

1. Admin Read & Write: Allows the ability to create, list, and delete buckets, edit bucket configurations, and list, write, and read objects.
2. Admin Read Only: Allows the ability to list buckets and view bucket configurations, as well as list and read objects.
3. Object Read & Write: Allows the ability to read, write, and list objects in specific buckets.
4. Object Read Only: Allows the ability to read and list objects in specific buckets.

ISPManager, with its current implementation of the S3-compatible option, only works if we use the Admin Read & Write permissions. However, this gives ISPManager access to all the buckets and allows it to manage them. From a security perspective, this is not acceptable, as we do not want to give access to any other bucket than the one dedicated to our backups.

If we use the Object Read & Write permissions for our token and select which bucket should be accessible, ISPManager will not work with such permissions. It still requires creating a new bucket even if we set the bucket name in the URL path, but a token with Object Read & Write permission does not allow this.

It would be great to either:

• Update the current S3-compatible implementation to work with the R2 implementation, where we can give access to a single or selected buckets for a given token (later used by ISPManager).
• Create a new, dedicated R2 backup option that handles Cloudflare's implementation of S3.

I believe having a proper implementation for R2 within ISPManager would be beneficial, as Cloudflare's offerings are often much more cost-effective than others and may become more popular soon.