Create an S3 user
-
PDF of this doc site
- Cluster administration
-
Volume administration
- Logical storage management with the CLI
-
NAS storage management
- Configure NFS with the CLI
- Manage NFS with the CLI
-
Manage SMB with the CLI
- Manage file access using SMB
- SAN storage management
- Security and data encryption
-
Data protection and disaster recovery
- Data protection with the CLI
Collection of separate PDF docs
Creating your file...
User authorization is required on all ONTAP object stores to restrict connectivity to authorized clients.
An S3-enabled storage VM must already exist.
An S3 user can be granted access to any bucket in a storage VM. When you create an S3 user, an access key and a secret key are also generated for the user. They should be shared with the user along with the FQDN of the object store and bucket name. An S3 users' keys can be viewed with the vserver object-store-server user show
command.
You can grant specific access permissions to S3 users in a bucket policy or an object server policy.
When you create a new object store server, ONTAP creates a root user (UID 0), which is a privileged user with access to all buckets. Rather than administering ONTAP S3 as the root user, NetApp recommends that an admin user role be created with specific privileges. |
-
Create an S3 user:
vserver object-store-server user create -vserver svm_name -user user_name -comment [-comment text] -key-time-to-live time
-
Adding a comment is optional.
-
Beginning with ONTAP 9.14.1, you can define the period of time for which the key will be valid in the
-key-time-to-live
parameter. You can add the retention period in this format, to indicate the period after which the access key expires:P[<integer>D]T[<integer>H][<integer>M][<integer>S] | P<integer>W
For example, if you want to enter a retention period of one day, two hours, three minutes, and four seconds, enter the value asP1DT2H3M4S
. Unless specified, the key is valid for an indefinite period of time.The below example creates a user with name
sm_user1
on storage VMvs0
, with a key retention period of one week.vserver object-store-server user create -vserver vs0 -user sm_user1 -key-time-to-live P1W
-
-
Be sure to save the access key and secret key. They will be required for access from S3 clients.
-
Click Storage > Storage VMs. Select the storage VM to which you need to add a user, select Settings and then click under S3.
-
To add a user, click Users > Add.
-
Enter a name for the user.
-
Beginning with ONTAP 9.14.1, you can specify the retention period of the access keys that get created for the user. You can specify the retention period in days, hours, minutes, or seconds, after which the keys automatically expire. By default, the value is set to
0
that indicates that the key is indefinitely valid. -
Click Save. The user is created, and an access key and a secret key are generated for the user.
-
Download or save the access key and secret key. They will be required for access from S3 clients.