Creating a platform services endpoint

You must create at least one endpoint of the correct type before you can enable a platform service.

Before you begin

  • You must be signed in to the Tenant Manager using a supported browser.
  • Platform services have been enabled for your tenant account by a StorageGRID grid administrator.
  • You belong to a user group that has the Manage Endpoints permission.
  • The resource referenced by the platform services endpoint has already been created:
    • CloudMirror replication: S3 bucket
    • Event notification: SNS topic
    • Search notification: Elasticsearch index, if the destination cluster is not configured to automatically create indexes.
  • You have the information about the destination resource that is needed to create the platform services endpoint:
    • Uniform Resource Identifier (URI)
    • Unique Resource Name (URN)
    • Authentication credentials:
      • Access Key: Access key ID and secret access key
      • Basic HTTP: Username and password
    • Security certificate (if using a custom CA certificate)

Procedure

  1. Select S3 > Endpoints.
    The Endpoints page opens and shows the list of platform services endpoints that have already been configured.
    screenshot of S3 > Endpoints page
  2. Click Create to create a new endpoint.

    Screenshot of the create endpoint dialog box
  3. Enter a Display Name, URI, and URN for the endpoint:
    Field Description
    Display Name A name that briefly describes the endpoint and its purpose.

    The type of platform service that the endpoint supports is shown beside the endpoint name when it is listed on the Endpoints page, so you do not need to include that information in the name.

    URI The Unique Resource Identifier (URI) of the endpoint.
    Specify the endpoint URI in one of the following formats:
    • https://host:port
    • http://host:port

    If you do not specify a port, port 443 is used for HTTPS URIs and port 80 is used for HTTP URIs.

    For example, an endpoint for a bucket hosted on StorageGRID might have a URI of the form https://gateway-node.storagegrid.example.com:8082, while the URI for a bucket hosted on AWS might be https://s3-aws-region.amazonaws.com

    Note: If the endpoint is used for the CloudMirror replication service, do not include the bucket name in the URI. You include the bucket name in the URN field.
    URN See Specifying the URN for an endpoint.

    You cannot change this value after the endpoint is saved.

  4. Select a value for the Authentication Type and then enter the required credentials:

    The credentials that you supply must have write permissions for the destination resource.

    Authentication Type Description Credentials
    Anonymous Provides anonymous access to the destination. Only works for endpoints that have security disabled. No authentication.
    Access Key Uses AWS-style credentials to authenticate connections with the destination. Access key ID
    Secret access key
    Basic HTTP Uses a username and password to authenticate connections to the destination. Username
    Password
  5. Select a value for Certificate Validation to choose how TLS connection to the endpoint are validated:
    Type of Certificate Validation Description
    Use operating system CA certificate Use the default CA certificate installed on the operating system to secure connections.
    Use custom CA certificate Use a custom security certificate.

    If you select this setting, copy and paste the custom security certificate in the CA Certificate text box.

    Do not verify certificate The certificate used for the TLS connection is not verified. This option is not secure.
  6. Click Save.
    When you save an endpoint, StorageGRID validates that the destination resource exists and that it can be reached using the credentials that you specified. StorageGRID does not validate that the credentials have the correct permissions.
    If endpoint validation fails, you receive an error message that explains the failure. Resolve the issue, then try creating the endpoint again.
    Note: Endpoint creation fails if platform services are not enabled for your tenant account. Contact your StorageGRID administrator.
  7. If you need to test an existing endpoint, select the endpoint, and click Test.
    • A success message appears if the endpoint can be reached using the specified credentials. The connection to the endpoint is validated from one node at each site.
      screenshot showing Endpoint Test success message
    • An error message appears if endpoint validation fails. If you need to modify the endpoint to correct the error, select it, click Edit, and update the information. Then, click Save to validate your changes.
      Note: You cannot change an endpoint's URN after the endpoint has been created.

After you finish

After you have configured an endpoint, you can use its URN to configure a platform service.