
Amazon S3 - Access & Secret Access Keys

Use the following information to add or modify an Amazon S3 cloud storage library with Access & Secret Access Key authentication in the Add / Edit Cloud Storage (General) dialog box in CommCell Console.

Note: Refer to Amazon S3 documentation for additional information on the inputs required in this dialog box.

Authentication

Access & Secret Access Key - This is the default authentication.

Service Host

A valid endpoint name for the Amazon S3 region provided by the agency.

Default: s3.[region].amazonaws.com. For example, s3.us-west-1.amazonaws.com.

To find the region, see https://docs.aws.amazon.com/general/latest/gr/rande.html.

Note:

  • For Amazon S3 Transfer Acceleration, service host provider name must be provided as s3-accelerate.amazonaws.com.
  • For Amazon S3 Access Points, service host provider name must be provided as s3-accesspoint.[region].amazonaws.com.

    For more information about Amazon Access Points, see https://docs.aws.amazon.com/AmazonS3/latest/dev/access-points.html.

Credential

Select a pre-defined credential from the list.

To define a new credential, click the Add New button from the list. The following information is required.

  • Credential Name: A user-defined name for the credential.
  • Access Key ID: Access key ID for the account.
  • Secret Access Key: Secret Access Key for the account.

Bucket

Click the Detect button to detect an existing bucket.

Note: The list of existing buckets may not be populated when you click Detect, either because some vendors do not support this operation or because the credential does not have permission to complete it. In such cases, type the name of the existing bucket that you want to use. The system will automatically use the existing bucket if it is available.

For Amazon S3 Access Points, enter the bucket/container as follows:

[accesspoint name]-[account id]

For example:

accesspointtest-999999999999

The following actions must be enabled for the bucket before configuring the library: (sample json file with these actions.)

"s3:CreateBucket",
"s3:GetBucketLocation",
"s3:GetObject",
"s3:PutObject",
"s3:PutObjectRetention",
"s3:ListBucket",
"s3:ListAllMyBuckets",
"s3:PutObjectTagging",
"s3:DeleteObject",
"s3:PutBucketObjectLockConfiguration"

Notes:

  • The CreateBucket permission is required only when the bucket must be created by the MediaAgent while configuring the cloud storage. (This permission can be skipped if an existing bucket is used for configuring the cloud storage.)
  • The ListAllMyBuckets permission is required for the Detect button to work.
  • To recall data from Amazon Glacier/Deep Archive or Combined Tier Storage Classes, make sure that the user associated with the bucket has the RestoreObject permission. For more information on POST Object restore, see https://docs.aws.amazon.com/AmazonS3/latest/API/RESTObjectPOSTrestore.html.
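The following is an added example, not part of the original documentation or the vendor's sample file: a Python helper that builds an IAM policy from the actions listed above, scoped to a single bucket and including the optional actions only when the notes above call for them. The function name, its parameters, the Sid values, the bucket name and the default "aws" partition are assumptions made for illustration, and Access Point resources are not covered.

```python
import json
import re

# Action names are the ones listed on this page. The split follows how IAM
# scopes S3 actions: bucket-level actions take the bucket ARN, object-level
# actions take the object ARN (bucket ARN followed by "/*").
BUCKET_ACTIONS = ["s3:GetBucketLocation", "s3:ListBucket",
                  "s3:PutBucketObjectLockConfiguration"]
OBJECT_ACTIONS = ["s3:GetObject", "s3:PutObject", "s3:PutObjectRetention",
                  "s3:PutObjectTagging", "s3:DeleteObject"]
BUCKET_NAME = re.compile(r"[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]")


def build_policy(bucket, create_bucket=False, detect=False,
                 archive_recall=False, partition="aws"):
    """Return an IAM policy document (dict) limited to one bucket."""
    # Reject wildcards and other characters that would widen the resource ARN.
    if not BUCKET_NAME.fullmatch(bucket):
        raise ValueError(f"not a valid S3 bucket name: {bucket!r}")
    bucket_arn = f"arn:{partition}:s3:::{bucket}"
    bucket_actions = list(BUCKET_ACTIONS)
    object_actions = list(OBJECT_ACTIONS)
    if create_bucket:    # only when the MediaAgent must create the bucket
        bucket_actions.append("s3:CreateBucket")
    if archive_recall:   # recall from Glacier/Deep Archive or combined tiers
        object_actions.append("s3:RestoreObject")
    statements = [
        {"Sid": "BucketLevel", "Effect": "Allow",
         "Action": bucket_actions, "Resource": bucket_arn},
        {"Sid": "ObjectLevel", "Effect": "Allow",
         "Action": object_actions, "Resource": f"{bucket_arn}/*"},
    ]
    if detect:           # Detect lists all buckets, so it cannot be bucket-scoped
        statements.append({"Sid": "DetectButton", "Effect": "Allow",
                           "Action": ["s3:ListAllMyBuckets"], "Resource": "*"})
    return {"Version": "2012-10-17", "Statement": statements}


if __name__ == "__main__":
    # "example-backup-bucket" is a constructed name, not one from this page.
    policy = build_policy("example-backup-bucket", detect=True)
    print(json.dumps(policy, indent=2))
```

With the defaults, no statement uses a wildcard resource; the only account-wide grant is ListAllMyBuckets, and it appears only when the Detect button is needed.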

Storage Class

The following storage classes are supported:

  • Standard
  • Standard - Infrequent Access
  • One Zone - Infrequent Access
  • Intelligent - Tiering
  • Standard/Glacier (Combined Storage Tiers)
  • Standard-IA/Glacier (Combined Storage Tiers)
  • One Zone-IA/Glacier (Combined Storage Tiers)
  • Intelligent-Tiering/Glacier (Combined Storage Tiers)
  • Standard/Deep Archive (Combined Storage Tiers)
  • Standard-IA/Deep Archive (Combined Storage Tiers)
  • One Zone-IA/Deep Archive (Combined Storage Tiers)
  • Intelligent-Tiering/Deep Archive (Combined Storage Tiers)
  • Glacier
  • Deep Archive
  • Reduced Redundancy Storage

For more information, see https://aws.amazon.com/s3/storage-classes/.

Best Practices

Amazon S3 - Performance

The performance of S3 reads is better when multiple mount paths are created instead of one single mount path.

Therefore, depending on the estimated Front-End Terabyte (FET) capacity in your environment, create a mount path for every 25 terabytes (TB) of data.

For example, if the estimate is 100 TB, create 4 mount paths.

Note that the same bucket can be used to create the second and subsequent mount paths. A unique base folder will be created for each mount path under the bucket.

In addition, make sure that the Spill and Fill Mount Paths option is enabled in the Library Properties. This setting will help to distribute the objects across different partitions in the bucket, making the retrieval of the objects faster. For more information on this option, see Parameters for Mount Path Usage.


Last modified: 5/11/2021 10:39:01 AM