This parameter identifies the configuration to be modified.

This optional parameter specifies the new name for the object store configuration.

This optional parameter specifies where the system obtains credentials for authentication to an object store. The available choices depend on the platform (Cloud Volumes ONTAP or not) and provider-type (AWS_S3 or not). The keys value is always applicable, and if selected means that the access-key and secret-password are provided by the system administrator. In Cloud Volumes ONTAP, the EC2-IAM value is also applicable. It means that the IAM role is associated with the EC2 instance, and that the access-key , secret-password and session token are are retrieved from EC2 instance metadata for this IAM role. Note that -use-iam-role and -auth-type are mutually exclusive, -auth-type EC2-IAM is an equivalent of -use-iam-role true , and -auth-type key is an equivalent of -use-iam-role false . In Cloud Volumes ONTAP, the GCP-SA value may also be applicable. It means that a session token is retrieved from the GCP instance metadata for the Service Account associated with the GCP instance. Similarly, Azure-MSI means that a session token is retrieved from the Azure instance metadata for the Managed Service Identity (MSI) associated with the Azure instance. For the AWS_S3 provider, the CAP (C2S Authentication Portal) value is also applicable. This should only be used when accessing C2S (Commercial Cloud Services). If the CAP value is specified, then the`-cap-url` must be specified. See cap-url .

This parameter is available only when -auth-type is CAP . It specifies a full URL of the request to a CAP server for retrieving temporary credentials (access-key, secret-pasword and session token) for accessing the object store server. The CAP URL may look like: https://123.45.67.89:1234/CAP/api/v1/credentials?agency=myagency=mymission=myrole

This optional parameter specifies the new Fully Qualified Domain Name (FQDN) of the same object store server. For Amazon S3, server name must be an AWS regional endpoint in the format s3.amazonaws.com or s3-<region>.amazonaws.com, for example, s3-us-west-2.amazonaws.com. The region of the server and the bucket must match. For more information on AWS regions, refer to 'Amazon documentation on AWS regions and endpoints'. For Azure, if the -server is a "blob.core.windows.net" or a "blob.core.usgovcloudapi.net", then the value of azure-account in the configuration followed by a period will be added in front of the server. Note that the value of azure-account cannot be modified.

This optional parameter indicates whether a secured SSL/TLS connection will be used during data access to the object store.

This optional parameter specifies a new port number to connect to the object store server indicated in the -server parameter.

This optional parameter specifies a new access key (access key ID) for the AWS S3, SGWS, IBM COS object stores and ONTAP S3.

This optional parameter specifies a new password (secret access key) for the AWS S3, SGWS, IBM COS object stores and ONTAP S3. For an Azure object store see -azure-private-key . If the -access-key is specified but the -secret-password is not then one will be asked to enter the -secret-password without echoing the input.

If this optional parameter is true then one will be asked to enter the -azure-private-key without echoing the input.

This optional parameter specifies a new access key for Azure object store. For other object store providers see secret-password . See also ask-azure-private-key .

This parameter specifies the shared access signature token to authenticate requests and provide limited access to storage resources in the Azure object store. Any previously stored token will be overwritten by the token specified in this parameter. Pass an empty string in single quotes to clear any previously stored token.

This optional parameter specifies new ipspace values for the configuration.

This optional parameter indicates whether an SSL/TLS certificate of an object store server is validated whenever an SSL/TLS connection to an object store server is established. This parameter is only applicable when is-ssl-enabled is true . It is recommended to keep the default value which is true to make sure that Data ONTAP connects to a trusted object store server, otherwise identities of an object store server are not verified.

This optional parameter indicates whether an HTTP proxy will be used for connecting to an object store. Note that an HTTP proxy is configured using the vserver http-proxy commands at the diagnostic privilege level.

This parameter specifies if AWS or other S3 compatible object store server must encrypt data at rest. The available choices depend on provider-type. none encryption (no encryption required) is supported by all S3 (non-Azure) object store servers. SSE-S3 encryption is supported by all S3 (non-Azure) object store servers except ONTAP_S3. This is an advanced property. In most cases it is best not to change default value of "sse_s3" for object store servers which support SSE-S3 encryption. The encryption is in addition to any encryption done by ONTAP at a volume or at an aggregate level. Note that changing this option does not change encryption of data which already exist in the object store.

This parameter specifies the URL style used to access S3 bucket. This option is only available for non-Azure object store providers. The available choices and default value depend on provider-type.