C2S S3: Specifying authentication details for a Cloud Storage Pool

To use the Commercial Cloud Services (C2S) S3 service as a Cloud Storage Pool, you must configure C2S Access Portal (CAP) as the authentication type, so that StorageGRID can request temporary credentials to access the S3 bucket in your C2S account.

Before you begin

Procedure

  1. In the Authentication section, select CAP (C2S Access Portal) from the Authentication Type drop-down.
    The CAP C2S authentication fields appear.
  2. In the Authentication section of the dialog box, provide the following information:
    1. For Temporary Credentials URL, enter the complete URL that StorageGRID will use to obtain temporary credentials from the CAP server, including all the required and optional API parameters assigned to your C2S account.
    2. For Server CA Certificate, click Select New, and upload the PEM-encoded CA certificate that StorageGRID will use to verify the CAP server.
    3. For Client Certificate, click Select New, and upload the PEM-encoded certificate that StorageGRID will use to identify itself to the CAP server.
    4. For Client Private Key, click Select New, and upload the PEM-encoded private key for the client certificate.
      If the private key is encrypted, the traditional format must be used. (PKCS #8 encrypted format is not supported.)
    5. If the client private key is encrypted, enter the passphrase for decrypting the client private key. Otherwise, leave the Client Private Key Passphrase field blank.
  3. In the Server Verification section, provide the following information:
    1. For Certificate Validation, select Use custom CA certificate.
    2. Click Select New, and upload the PEM-encoded CA certificate.
  4. Click Save.
    When you save a Cloud Storage Pool, StorageGRID does the following:
    • Validates that the bucket and the service endpoint exist and that they can be reached using the credentials that you specified.
    • Writes a marker file to the bucket to identify the bucket as a Cloud Storage Pool. Never remove this file, which is named x-ntap-sgws-cloud-pool-uuid.

    If Cloud Storage Pool validation fails, you receive an error message that explains why validation failed. For example, an error might be reported if there is a certificate error or if the bucket you specified does not already exist.



    See the instructions for troubleshooting Cloud Storage Pools, resolve the issue, and then try saving the Cloud Storage Pool again.
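
The client private key rules in step 2 can be checked before upload. The following Python is an added example, not part of the original documentation or of StorageGRID: it classifies a PEM private key by its framing and reports conflicts with the stated rules. The function names and sample PEM text are constructed for illustration, and unencrypted PKCS #8 keys are not flagged because the procedure says nothing about them.

```python
import re

# A PEM block: BEGIN line, optional headers plus base64 body, matching END line.
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.DOTALL)

def classify_private_key(pem_text):
    """Return (format, encrypted) for the first private key block in pem_text."""
    for label, body in PEM_BLOCK.findall(pem_text):
        if not label.endswith("PRIVATE KEY"):
            continue  # e.g. a CERTIFICATE block stored in the same file
        if label == "ENCRYPTED PRIVATE KEY":
            return ("pkcs8", True)
        if label == "PRIVATE KEY":
            return ("pkcs8", False)
        # Traditional labels (RSA/EC/DSA PRIVATE KEY) mark encryption in a header.
        encrypted = re.search(r"^Proc-Type:\s*4,ENCRYPTED", body, re.MULTILINE) is not None
        return ("traditional", encrypted)
    raise ValueError("no private key block found")

def preflight(pem_text, passphrase=""):
    """List problems to fix before upload, per the private key and passphrase steps."""
    fmt, encrypted = classify_private_key(pem_text)
    problems = []
    if encrypted and fmt == "pkcs8":
        problems.append("encrypted PKCS #8 key is not supported; use the traditional format")
    if encrypted and not passphrase:
        problems.append("key is encrypted; Client Private Key Passphrase is required")
    if not encrypted and passphrase:
        problems.append("key is not encrypted; leave Client Private Key Passphrase blank")
    return problems

# Constructed samples: the framing is real PEM, the bodies are placeholders, not keys.
BODY = "Q09OU1RSVUNURUQ=\n"
TRADITIONAL_ENCRYPTED = (
    "-----BEGIN RSA PRIVATE KEY-----\n"
    "Proc-Type: 4,ENCRYPTED\n"
    "DEK-Info: AES-256-CBC,00112233445566778899AABBCCDDEEFF\n\n"
    + BODY + "-----END RSA PRIVATE KEY-----\n"
)
TRADITIONAL_PLAIN = "-----BEGIN RSA PRIVATE KEY-----\n" + BODY + "-----END RSA PRIVATE KEY-----\n"
PKCS8_ENCRYPTED = "-----BEGIN ENCRYPTED PRIVATE KEY-----\n" + BODY + "-----END ENCRYPTED PRIVATE KEY-----\n"

if __name__ == "__main__":
    for name, pem, pw in [("traditional+pass", TRADITIONAL_ENCRYPTED, "example"),
                          ("plain+pass", TRADITIONAL_PLAIN, "example"),
                          ("pkcs8-encrypted", PKCS8_ENCRYPTED, "example")]:
        print(name, classify_private_key(pem), preflight(pem, pw) or "ok")
```

The check reads only the PEM framing and never decrypts or parses the key material, so it can be run on the key file without supplying the real passphrase.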