
S3: Specifying authentication details for a Cloud Storage Pool

Contributors netapp-lhalbert

When you create a Cloud Storage Pool for S3, you must select the type of authentication that is required for the Cloud Storage Pool endpoint. You can specify Anonymous or enter an Access Key ID and Secret Access Key.

What you'll need
  • You must have entered the basic information for the Cloud Storage Pool and specified Amazon S3 as the provider type.

  • If you are using access key authentication, you must know the Access Key ID and Secret Access Key for the external S3 bucket.

Steps
  1. In the Service Endpoint section, provide the following information:

    1. Select which protocol to use when connecting to the Cloud Storage Pool.

      The default protocol is HTTPS.

    2. Enter the server hostname or IP address of the Cloud Storage Pool.

      For example:

      s3-aws-region.amazonaws.com

      Note: Do not include the bucket name in this field. You include the bucket name in the Bucket or Container field.

    3. Optionally, specify the port that should be used when connecting to the Cloud Storage Pool.

      Leave this field blank to use the default port: port 443 for HTTPS or port 80 for HTTP.

  2. In the Authentication section, select the type of authentication that is required for the Cloud Storage Pool endpoint.

    • Access Key: An Access Key ID and Secret Access Key are required to access the Cloud Storage Pool bucket.

    • Anonymous: Everyone has access to the Cloud Storage Pool bucket. An Access Key ID and Secret Access Key are not required.

    • CAP (C2S Access Portal)

  3. If you selected Access Key, enter the following information:

    • Access Key ID: The Access Key ID for the account that owns the external bucket.

    • Secret Access Key: The associated Secret Access Key.

  4. In the Server Verification section, select which method should be used to validate the certificate for TLS connections to the Cloud Storage Pool:

    • Use operating system CA certificate: Use the default CA certificates installed on the operating system to secure connections.

    • Use custom CA certificate: Use a custom CA certificate. Click Select New, and upload the PEM-encoded CA certificate.

    • Do not verify certificate: The certificate used for the TLS connection is not verified.

  5. Click Save.

When you save a Cloud Storage Pool, StorageGRID does the following:

  • Validates that the bucket and the service endpoint exist and that they can be reached using the credentials that you specified.

  • Writes a marker file to the bucket to identify the bucket as a Cloud Storage Pool. Never remove this file, which is named x-ntap-sgws-cloud-pool-uuid.

If Cloud Storage Pool validation fails, you receive an error message that explains why validation failed. For example, an error might be reported if there is a certificate error or if the bucket you specified does not already exist.


See the instructions for troubleshooting Cloud Storage Pools, resolve the issue, and then try saving the Cloud Storage Pool again.
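
The following Python pre-flight check is an added example, not part of the NetApp documentation or of StorageGRID. It lints the values entered in the steps above (bucket name in the hostname field, default port, and the weaker choices HTTP, Anonymous and Do not verify certificate) and attempts the TLS handshake with the chosen Server Verification method, so a certificate error surfaces before you click Save. The function names, and the assumption that a custom CA replaces the operating system trust store, are this example's own.

```python
import socket
import ssl

DEFAULT_PORTS = {"HTTPS": 443, "HTTP": 80}  # defaults stated in the steps above

def tls_context(verification, ca_pem=None):
    """Map a Server Verification option to an ssl.SSLContext (hypothetical helper)."""
    if verification == "Use operating system CA certificate":
        return ssl.create_default_context()
    if verification == "Use custom CA certificate":
        if not ca_pem:
            raise ValueError("custom CA selected but no PEM-encoded certificate supplied")
        # Assumption: only the uploaded CA is trusted, not the OS store as well.
        return ssl.create_default_context(cadata=ca_pem)
    if verification == "Do not verify certificate":
        ctx = ssl.create_default_context()
        ctx.check_hostname = False       # must be cleared before CERT_NONE
        ctx.verify_mode = ssl.CERT_NONE
        return ctx
    raise ValueError(f"unknown verification option: {verification!r}")

def lint_endpoint(protocol, host, bucket, port=None, auth="Access Key",
                  verification="Use operating system CA certificate"):
    """Return (effective_port, findings) for the values typed into the form."""
    findings = []
    if "://" in host or "/" in host:
        findings.append("ERROR: enter a bare hostname or IP address")
    if host.lower().startswith(bucket.lower() + "."):
        findings.append("ERROR: bucket name belongs in Bucket or Container")
    if protocol == "HTTP":
        findings.append("WARN: HTTP has no encryption or server authentication")
    elif verification == "Do not verify certificate":
        findings.append("WARN: unverified TLS cannot detect an impersonated endpoint")
    if auth == "Anonymous":
        findings.append("WARN: Anonymous requires a bucket open to everyone")
    return port or DEFAULT_PORTS[protocol], findings

def probe(host, port, ctx):
    """Try a TLS handshake; return None on success or the certificate error text.
    Connection failures (OSError) are left to propagate to the caller."""
    try:
        with socket.create_connection((host, port), timeout=5) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return None
    except ssl.SSLCertVerificationError as exc:
        return exc.verify_message
```

Run `lint_endpoint` first, then `probe(host, port, tls_context(...))` from a host that has the same network path to the endpoint as the grid.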