snapmirror object-store config modify
Modify SnapMirror object store configuration attributes
Availability: This command is available to cluster and Vserver administrators at the admin privilege level.
Description
The storage aggregate object-store config modify command is used to update one or more of object store configuration parameters.
Parameters
-vserver <vserver name>
- Vserver Name-
This parameter specifies the vserver on which the object store configuration needs to be created.
-object-store-name <text>
- Object Store Configuration Name-
This parameter identifies the configuration to be modified.
[-usage {data|metadata}]
- Object Store Use-
This parameter specifies the usage for an object store configuration.
[-new-object-store-name <text>]
- Object Store Configuration New Name-
This optional parameter specifies the new name for the object store configuration.
[-server <Remote InetAddress>]
- Fully Qualified Domain Name of the Object Store Server-
This optional parameter specifies the new Fully Qualified Domain Name (FQDN) of the same object store server. For Amazon S3, server name must be an AWS regional endpoint in the format s3.amazonaws.com or s3-<region>.amazonaws.com, for example, s3-us-west-2.amazonaws.com. The region of the server and the bucket must match. For more information on AWS regions, refer to 'Amazon documentation on AWS regions and endpoints'. For Azure, if the
-server
is a "blob.core.windows.net" or a "blob.core.usgovcloudapi.net", then the value of azure-account in the configuration followed by a period will be added in front of the server. Note that the value ofazure-account
cannot be modified. [-is-ssl-enabled {true|false}]
- Is SSL/TLS Enabled-
This optional parameter indicates whether a secured SSL/TLS connection will be used during data access to the object store.
[-port <integer>]
- Port Number of the Object Store-
This optional parameter specifies a new port number to connect to the object store server indicated in the
-server
parameter. [-access-key <text>]
- Access Key ID for S3 Compatible Provider Types-
This optional parameter specifies a new access key (access key ID) for the AWS S3, SGWS, IBM COS object stores and ONTAP S3.
[-ipspace <IPspace>]
- IPspace to Use in Order to Reach the Object Store-
This optional parameter specifies new ipspace values for the configuration.
[-use-iam-role {true|false}]
- (DEPRECATED)-Use IAM Role for AWS Cloud Volumes ONTAP-
This optional parameter is deprecated. Please use
-auth-type
instead. Note, that-auth-type EC2-IAM
is an equivalent of-use-iam-role true
, and-auth-type key
is an equivalent of-use-iam-role false
. [-secret-password <text>]
- Secret Access Key for S3 Compatible Provider Types-
This optional parameter specifies a new password (secret access key) for the AWS S3, SGWS, IBM COS object stores and ONTAP S3. For an Azure object store see
-azure-private-key
. If the-access-key
is specified but the-secret-password
is not then one will be asked to enter the-secret-password
without echoing the input. [-is-certificate-validation-enabled {true|false}]
- Is SSL/TLS Certificate Validation Enabled-
This optional parameter indicates whether an SSL/TLS certificate of an object store server is validated whenever an SSL/TLS connection to an object store server is established. This parameter is only applicable when
is-ssl-enabled
istrue
. It is recommended to keep the default value which istrue
to make sure that Data ONTAP connects to a trusted object store server, otherwise identities of an object store server are not verified. [-ask-azure-private-key {true|false}]
- Ask to Enter the Azure Access Key without Echoing-
If this optional parameter is true then one will be asked to enter the
-azure-private-key
without echoing the input. [-azure-private-key <text>]
- Azure Access Key-
This optional parameter specifies a new access key for Azure object store. For other object store providers see
secret-password
. See alsoask-azure-private-key
. [-server-side-encryption {none | SSE-S3}]
- Encryption of Data at Rest by the Object Store Server (privilege: advanced)-
This parameter specifies if AWS or other S3 compatible object store server must encrypt data at rest. The available choices depend on provider-type.
none
encryption (no encryption required) is supported by all S3 (non-Azure) object store servers.SSE-S3
encryption is supported by all S3 (non-Azure) object store servers except ONTAP_S3. This is an advanced property. In most cases it is best not to change default value of "sse_s3" for object store servers which support SSE-S3 encryption. The encryption is in addition to any encryption done by ONTAP at a volume or at an aggregate level. Note that changing this option does not change encryption of data which already exist in the object store. [-url-style {path-style | virtual-hosted-style}]
- URL Style Used to Access S3 Bucket-
This parameter specifies the URL style used to access S3 bucket. This option is only available for non-Azure object store providers. The available choices and default value depend on provider-type.
[-iamra-session-token <text>]
- IAMRA Session Token for Authentication-
This parameter specifies a temporary token for S3 snapmirror which will expire periodically. This will increase security.
Examples
The following example modifies an object-store configuration named objectStoreName
to a new name newName.
cluster::*> snapmirror object-store config modify -object-store-name objectStoreName -new-object-store-name newName