Release notes
Enable client access from an S3 app
Suggest changes
-
PDF of this doc site
-
Cluster administration
-
Volume administration
-
Logical storage management with the CLI
-
-
NAS storage management
-
Configure NFS with the CLI
-
Manage NFS with the CLI
-
Manage SMB with the CLI
-
Manage file access using SMB
-
-
-
Security and data encryption
-
Data protection and disaster recovery
-
Data protection with the CLI
-
-
Collection of separate PDF docs
Creating your file...
For S3 client apps to access the ONTAP S3 server, the ONTAP S3 administrator must provide configuration information to the S3 user.
The S3 client app must be capable of authenticating with the ONTAP S3 server using the following AWS signature versions:
-
Signature Version 4, ONTAP 9.8 and later
-
Signature Version 2, ONTAP 9.11.1 and later
Other signature versions are not supported by ONTAP S3.
The ONTAP S3 administrator must have created S3 users and granted them access permissions, as an individual users or as a group member, in the bucket policy or the object storage server policy.
The S3 client app must be capable of resolving the ONTAP S3 server name, which requires that ONTAP S3 administrator provide the S3 server name (FQDN) and IP addresses for the S3 server's LIFs.
To access an ONTAP S3 bucket, a user on the S3 client app enters information provided by the ONTAP S3 administrator.
Beginning with ONTAP 9.9.1, the ONTAP S3 server supports the following AWS client functionality:
-
user-defined object metadata
A set of key-value pairs can be assigned to objects as metadata when they are created using PUT (or POST). When a GET/HEAD operation is performed on the object, the user-defined metadata is returned along with the system metadata.
-
object tagging
A separate set of key-value pairs can be assigned as tags for categorizing objects. Unlike metadata, tags are created and read with REST APIs independently of the object, and they implemented when objects are created or any time after.
To enable clients to get and put tagging information, the actions
GetObjectTagging,PutObjectTagging, andDeleteObjectTaggingneed to be allowed using the bucket or group policies.
For more information, see the AWS S3 documentation.
-
Authenticate the S3 client app with the ONTAP S3 server by entering the S3 server name and the CA certificate.
-
Authenticate a user on the S3 client app by entering the following information:
-
S3 server name (FQDN) and bucket name
-
the user's access key and secret key
-