Skip to main content

Configure S3 client connections

Contributors netapp-lhalbert
PDFs

As a grid administrator, you manage the configuration options that control how S3 client applications connect to your StorageGRID system to store and retrieve data.

Tip Swift details have been removed from this version of the doc site. See StorageGRID 11.8: Configure S3 and Swift client connections.

Configuration tasks

  1. Perform prerequisite tasks in StorageGRID, based on how the client application will connect to StorageGRID.

Required tasks

You must obtain:

  • IP addresses

  • Domain names

  • SSL certificate

Optional tasks

Optionally, configure:

  • Identity federation

  • SSO

  1. Use StorageGRID to obtain the values the application needs to connect to the grid. You can either use the S3 setup wizard or configure each StorageGRID entity manually.

Use S3 setup wizard

Follow the steps in the S3 setup wizard.

Configure manually

  1. Create high availability group

  2. Create load balancer endpoint

  3. Create tenant account

  4. Create bucket and access keys

  5. Configure ILM rule and policy

  1. Use the S3 application to complete the connection to StorageGRID. Create DNS entries to associate IP addresses to any domain names you plan to use.

    As needed, perform additional application setup.

  2. Perform ongoing tasks in the application and in StorageGRID to manage and monitor object storage over time.

Information needed to attach StorageGRID to a client application

Before you can attach StorageGRID to an S3 client application, you must perform configuration steps in StorageGRID and obtain certain value.

What values do I need?

The following table shows the values you must configure in StorageGRID and where those values are used by the S3 application and the DNS server.

Value Where value is configured Where value is used

Virtual IP (VIP) addresses

StorageGRID > HA group

DNS entry

Port

StorageGRID > Load balancer endpoint

Client application

SSL certificate

StorageGRID > Load balancer endpoint

Client application

Server name (FQDN)

StorageGRID > Load balancer endpoint

  • Client application

  • DNS entry

S3 access key ID and secret access key

StorageGRID > Tenant and bucket

Client application

Bucket/Container name

StorageGRID > Tenant and bucket

Client application

How do I get these values?

Depending on your requirements, you can do either of the following to obtain the information you need:

  • Use the S3 setup wizard. The S3 setup wizard helps you to quickly configure the required values in StorageGRID and outputs one or two files that you can use when you configure the S3 application. The wizard guides you through the required steps and helps to make sure your settings conform to StorageGRID best practices.

    Note If you are configuring an S3 application, using the S3 setup wizard is recommended unless you know you have special requirements or your implementation will require significant customization.

  • Use the FabricPool setup wizard. Similar to the S3 setup wizard, the FabricPool setup wizard helps you to quickly configure required values and outputs a file that you can use when you configure a FabricPool cloud tier in ONTAP.

    Note If you plan to use StorageGRID as the object storage system for a FabricPool cloud tier, using the FabricPool setup wizard is recommended unless you know you have special requirements or your implementation will require significant customization.

  • Configure items manually. If you are connecting to an S3 application and prefer not to use the S3 setup wizard, you can obtain the required values by performing the configuration manually. Follow these steps:

    1. Configure the high availability (HA) group you want to use for the S3 application. See Configure high availability groups.

    2. Create the load balancer endpoint that the S3 application will use. See Configure load balancer endpoints.

    3. Create the tenant account that the S3 application will use. See Create a tenant account.

    4. For an S3 tenant, sign in to the tenant account, and generate an access key ID and secret access key for each user that will access the application. See Create your own access keys.

    5. Create one or more S3 buckets within the tenant account. For S3, see Create S3 bucket.

    6. To add specific placement instructions for the objects belonging to the new tenant or bucket/container, create a new ILM rule and activate a new ILM policy to use that rule. See Create ILM rule and Create ILM policy.