As applications shouldn't write files to the local file system it makes sense to store user-uploaded files in the Dynamic Storage provided by Swisscom.
The Dynamic Storage service is similar to Amazon S3 where you would usually make the bucket with the user-uploaded files publicly readable with a bucket policy.
However how would I serve user-uploaded files from the Dynamic Storage as the "Put Bucket policy" is an unsupported operation?
You are correct, dynamic storage of Swisscom does not support the „PUT bucket policy“ operation. But you can serve files directly to the user by generating pre-signed URLs.
See Share an Object with Others
All objects by default are private. Only the object owner has
permission to access these objects. However, the object owner can
optionally share objects with others by creating a pre-signed URL,
using their own security credentials, to grant time-limited permission
to download the objects.
When you create a pre-signed URL for your object, you must provide
your security credentials, specify a bucket name, an object key,
specify the HTTP method (GET to download the object) and expiration
date and time. The pre-signed URLs are valid only for the specified
duration.
Anyone who receives the pre-signed URL can then access the object. For
example, if you have a video in your bucket and both the bucket and
the object are private, you can share the video with others by
generating a pre-signed URL.
By using a pre-signed URL you have to define how long the URL shall be valid. We recommend to choose an expiration date that makes sense for the specific use-case.
Info: currently the S3 storage is powered by Atmos