S3: Specifying authentication details for a Cloud Storage Pool

Contributors netapp-madkat netapp-perveilerk

When you create a Cloud Storage Pool for S3, you must select the type of authentication that is required for the Cloud Storage Pool endpoint. You can specify Anonymous or enter an Access Key ID and Secret Access Key.

What you’ll need
  • You have entered the basic information for the Cloud Storage Pool and specified Amazon S3 as the provider type.

    Cloud Storage Pool Create S3
  • If you are using access key authentication, you know the Access Key ID and Secret Access Key for the external S3 bucket.

Steps
  1. In the Service Endpoint section, provide the following information:

    1. Select which protocol to use when connecting to the Cloud Storage Pool.

      The default protocol is HTTPS.

    2. Enter the server hostname or IP address of the Cloud Storage Pool.

      For example:

      s3-aws-region.amazonaws.com

      Note Do not include the bucket name in this field. You include the bucket name in the Bucket or Container field.
    3. Optionally, specify the port that should be used when connecting to the Cloud Storage Pool.

      Leave this field blank to use the default port: port 443 for HTTPS or port 80 for HTTP.

    4. Select the URL style for the Cloud Storage Pool bucket:

      Option Description

      Virtual Hosted-Style

      Use a virtual hosted-style URL to access the bucket. Virtual hosted-style URLs include the bucket name as part of the domain name, for example https://bucket-name.s3.company.com/key-name.

      Path-Style

      Use a path-style URL to access the bucket. Path-style URLs include the bucket name at the end, for example https://s3.company.com/bucket-name/key-name.

      Note: The path-style URL is being deprecated.

      Auto-Detect

      Attempt to automatically detect which URL style to use, based on the information provided. For example, if you specify an IP address, StorageGRID will use a path-style URL. Select this option only if you don’t know which specific style to use.

  2. In the Authentication section, select the type of authentication that is required for the Cloud Storage Pool endpoint.

    Option Description

    Access Key

    An Access Key ID and Secret Access Key are required to access the Cloud Storage Pool bucket.

    Anonymous

    Everyone has access to the Cloud Storage Pool bucket. An Access Key ID and Secret Access Key are not required.

    CAP (C2S Access Portal)

  3. If you selected Access Key, enter the following information:

    Option Description

    Access Key ID

    The Access Key ID for the account that owns the external bucket.

    Secret Access Key

    The associated Secret Access Key.

  4. In the Server Verification section, select which method should be used to validate the certificate for TLS connections to the Cloud Storage Pool:

    Option Description

    Use operating system CA certificate

    Use the default Grid CA certificates installed on the operating system to secure connections.

    Use custom CA certificate

    Use a custom CA certificate. Select Select New, and upload the PEM-encoded CA certificate.

    Do not verify certificate

    The certificate used for the TLS connection is not verified.

  5. Select Save.

When you save a Cloud Storage Pool, StorageGRID does the following:

  • Validates that the bucket and the service endpoint exist and that they can be reached using the credentials that you specified.

  • Writes a marker file to the bucket to identify the bucket as a Cloud Storage Pool. Never remove this file, which is named x-ntap-sgws-cloud-pool-uuid.

If Cloud Storage Pool validation fails, you receive an error message that explains why validation failed. For example, an error might be reported if there is a certificate error or if the bucket you specified does not already exist.

Cloud Storage Pool Create Error

See the instructions for troubleshooting Cloud Storage Pools, resolve the issue, and then try saving the Cloud Storage Pool again.