W E K A
3.14
3.14
  • WEKA v3.14 Documentation
  • Weka System Overview
    • About the WEKA System
    • SSD Capacity Management
    • Filesystems, Object Stores & Filesystem Groups
    • Weka Networking
    • Data Lifecycle Management
    • Weka Client & Mount Modes
    • Glossary
  • Getting Started with Weka
    • Quick Install Guide
    • Managing the Weka System
    • CLI Overview
    • GUI Overview
    • Serving IOs with WekaFS
  • Planning & Installation
    • Prerequisites for Installation
    • Bare Metal Installation
      • Planning a Weka System Installation
      • Setting Up the Hosts
        • SR-IOV Enablement
      • Obtaining the Weka Install File
      • Weka System Installation Process Using the CLI
      • Adding Clients
    • AWS Installation
      • Self-Service Portal
      • CloudFormation Template Generator
      • Deployment Types
      • AWS Outposts Deployment
      • Supported EC2 Instance Types
      • Adding Clients
      • Auto Scaling Group
      • Troubleshooting
  • Performance
    • Testing Weka Performance
      • Test Environment Details
  • WekaFS Filesystems
    • Managing Filesystems, Object Stores & Filesystem Groups
      • Managing Object Stores
      • Managing Filesystem Groups
      • Managing Filesystems
      • Attaching/Detaching Object Stores to/from Filesystems
      • KMS Management
    • Advanced Data Lifecycle Management
      • Advanced Time-based Policies for Data Storage Location
      • Data Management in Tiered Filesystems
      • Transition Between Tiered and SSD-Only Filesystems
      • Manual fetch and release of data
    • Mounting Filesystems
    • Snapshots
    • Snap-To-Object
    • Quota Management
  • Additional Protocols
    • NFS
    • SMB
      • SMB Management Using CLIs
      • SMB Management Using the GUI
    • S3
      • S3 Cluster Management
      • S3 Buckets Management
      • S3 Users and Authentication
      • S3 Information Lifecycle Management
      • Audit S3 APIs
      • S3 Limitations
      • S3 Examples using boto3
  • Operation Guide
    • Alerts
      • List of Alerts
    • Events
      • List of Events
    • Statistics
      • List of Statistics
    • System Congestion
    • Security
      • User Management
      • Organizations
    • Expanding & Shrinking Cluster Resources
      • Expand & Shrink Overview
      • Stages in Adding a Backend Host
      • Expansion of Specific Resources
      • Shrinking a Cluster
    • Background Tasks
    • Upgrading Weka Versions
  • Billing & Licensing
    • License Overview
    • Classic License
    • Pay-As-You-Go License
  • Support
    • Prerequisites and Compatibility
    • Getting Support for Your Weka System
    • The Weka Support Cloud
    • Diagnostics CLI Command
  • Appendix
    • Weka CSI Plugin
    • External Monitoring
    • Snapshot Management
  • REST API
Powered by GitBook
On this page
  • Overview
  • Architecture
  • S3 Access, Security and Auditing
  • S3 Access
  • Security
  • Audit
  1. Additional Protocols

S3

This page describes the Weka implementation of the S3 protocol.

PreviousSMB Management Using the GUINextS3 Cluster Management

Last updated 3 years ago

Overview

The S3 protocol is widely used and spans many cloud-native or cloud-ready applications.

With Weka, you can:

  • Ingest data with S3 and then you can access the data with either S3 or other protocols.

  • Expose existing data to S3, and migrate your application within the same data platform.

  • Burst to the cloud and use new applications without the need to migrate your data.

In general, you can both gradually move applications to S3 and access the same data via multiple protocols (POSIX, S3, SMB, NFS, GPUDirect Storage). All this while enjoying Weka's scale, performance, and resiliency.

Architecture

The Weka S3 service is a scalable, resilient service that provides multi-protocol access to data.

The S3 service is implemented by specifying a set of storage hosts that you want to run the S3 protocol on and then creating a logical S3 cluster to expose the S3 service. As you the S3 cluster scales to higher performance.

By integrating a , different S3 clients will access different hosts, allowing the Weka system to scale and service thousands of clients.

The Weka S3 service works on top of the WekaFS file service. Buckets are mapped to (top-level) directories, and objects are mapped to files. Then, the same data can be exposed with either of the Weka-supported protocols.

S3 Access, Security and Auditing

S3 Access

Access to S3 APIs can be either authenticated or anonymous.

User Authentication

The process of gaining authenticated S3 access requires to:

Anonymous Access

Anonymous access to buckets/objects can be obtained by either:

Security

Encryption at Rest

TLS

Audit

The S3 API calls can be audited using an HTTP webhook service and connecting to an application such as Splunk.

To set an audit target, use the weka s3 cluster audit-webhook enable CLI command.

, to set the permissions of the user to S3 operations and resources

(STS AssumeRole)

Data written via the S3 protocol can be encrypted at-rest by setting an .

Clients' access to the service via HTTPS is provided using the same certificates Weka uses for other API access, as defined in the section.

For more information, refer to the page.

Audit S3 APIs
define many hosts that serve the S3 protocol
round-robin DNS or a load balancer
Pre-signed URLs
encrypted filesystem
Create and attach an IAM policy for that S3 user
Create temporary security tokens
Bucket policy
Create an internal Weka user with an S3 user role
TLS