S3: Specifying authentication details for a Cloud Storage Pool

When you create a Cloud Storage Pool for S3, you must select the type of authentication that is required for the Cloud Storage Pool endpoint. You can specify Anonymous or enter an Access Key ID and Secret Access Key.

Before you begin

Procedure

  1. In the Service Endpoint section, provide the following information:
    1. Select which protocol to use when connecting to the Cloud Storage Pool.
      The default protocol is HTTPS.
    2. Enter the server hostname or IP address of the Cloud Storage Pool.
      For example:
      s3-aws-region.amazonaws.com
      Note: Do not include the bucket name in this field. You include the bucket name in the Bucket or Container field.
    3. Optionally, specify the port that should be used when connecting to the Cloud Storage Pool.
      Leave this field blank to use the default port: port 443 for HTTPS or port 80 for HTTP.
  2. In the Authentication section, select the type of authentication that is required for the Cloud Storage Pool endpoint.
    • Access Key: An Access Key ID and Secret Access Key are required to access the Cloud Storage Pool bucket.
    • Anonymous: Everyone has access to the Cloud Storage Pool bucket. An Access Key ID and Secret Access Key are not required.
    • CAP (C2S Access Portal): Used for C2S S3 only. Go to C2S S3: Specifying authentication details for a Cloud Storage Pool.
  3. If you selected Access Key, enter the following information:
    • Access Key ID: The Access Key ID for the account that owns the external bucket.
    • Secret Access Key: The associated Secret Access Key.
  4. In the Server Verification section, select which method should be used to validate the certificate for TLS connections to the Cloud Storage Pool:
    • Use operating system CA certificate: Use the default CA certificates installed on the operating system to secure connections.
    • Use custom CA certificate: Use a custom CA certificate. Click Select New, and upload the PEM-encoded CA certificate.
    • Do not verify certificate: The certificate used for the TLS connection is not verified.
  5. Click Save.
    When you save a Cloud Storage Pool, StorageGRID does the following:
    • Validates that the bucket and the service endpoint exist and that they can be reached using the credentials that you specified.
    • Writes a marker file to the bucket to identify the bucket as a Cloud Storage Pool. Never remove this file, which is named x-ntap-sgws-cloud-pool-uuid.

    If Cloud Storage Pool validation fails, you receive an error message that explains why validation failed. For example, an error might be reported if there is a certificate error or if the bucket you specified does not already exist.


    [Screenshot: Cloud Storage Pool Create Error]

    See the instructions for troubleshooting Cloud Storage Pools, resolve the issue, and then try saving the Cloud Storage Pool again.
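
A pre-flight check for the settings in steps 1, 2 and 4, written as an added example; it is not StorageGRID code. It normalizes the Service Endpoint fields, maps each Server Verification option to a Python `ssl` context, flags the weaker choices, and can attempt the TLS handshake so that a certificate error surfaces before you click Save. The mode labels `os-ca`, `custom-ca` and `no-verify`, the `auth` value `anonymous`, and all function names are assumptions made for this example.

```python
import socket
import ssl

DEFAULT_PORTS = {"https": 443, "http": 80}  # defaults stated in step 1.3

def resolve_endpoint(protocol, host, port=None, bucket=None):
    """Normalize the Service Endpoint fields; reject a bucket-prefixed hostname."""
    protocol = protocol.lower()
    if protocol not in DEFAULT_PORTS:
        raise ValueError(f"unsupported protocol: {protocol}")
    host = host.strip().lower()
    if not host or "/" in host:
        raise ValueError("enter a hostname or IP address only, without scheme or path")
    if bucket and host.startswith(bucket.lower() + "."):
        raise ValueError("bucket name belongs in the Bucket or Container field")
    return protocol, host, int(port) if port else DEFAULT_PORTS[protocol]

def tls_context(mode, ca_pem=None):
    """Map a Server Verification option (example labels) to a client SSLContext."""
    if mode == "os-ca":          # Use operating system CA certificate
        return ssl.create_default_context()
    if mode == "custom-ca":      # Use custom CA certificate (PEM-encoded)
        if not ca_pem:
            raise ValueError("custom-ca requires a PEM-encoded CA certificate")
        return ssl.create_default_context(cadata=ca_pem)  # trusts only this CA
    if mode == "no-verify":      # Do not verify certificate
        ctx = ssl.create_default_context()
        ctx.check_hostname = False   # must be cleared before setting CERT_NONE
        ctx.verify_mode = ssl.CERT_NONE
        return ctx
    raise ValueError(f"unknown verification mode: {mode}")

def review(protocol, auth, mode):
    """Return findings for settings that weaken the connection or access control."""
    findings = []
    if protocol.lower() == "http":
        findings.append("HTTP selected: traffic to the endpoint is not protected by TLS")
    elif mode == "no-verify":
        findings.append("certificate not verified: the endpoint's identity is unchecked")
    if auth == "anonymous":
        findings.append("Anonymous: everyone has access to the bucket")
    return findings

def check_certificate(host, port, ctx, timeout=5.0):
    """Attempt a TLS handshake; return None on success, else the error text."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host):
                return None
    except OSError as exc:  # ssl.SSLCertVerificationError is an OSError subclass
        return f"{type(exc).__name__}: {exc}"
```

`check_certificate` needs network access to the endpoint; the other functions run offline.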