Manage S3 buckets using the CLI

This page describes how to manage S3 buckets using the CLI.

Using the CLI, you can:

Create a bucket

Command: weka s3 bucket create

Use the following command line to create an S3 bucket:

weka s3 bucket create <name> [--policy policy] [--policy-json policy-json] [--hard-quota hard-quota] [--fs-name fs-name] [--fs-id fs-id] [--existing-path existing-path]

Parameters

Name

Type

Value

Limitations

Mandatory

Default

name

String

The name for the S3 bucket to add.

Refer to the Bucket Naming Limitations section.

Yes

policy

String

The name of a pre-defined bucket policy for anonymous access.

One of: none, download, upload, public

No

none

policy-json

String

A path to a custom policy JSON file for anonymous access.

A JSON file representing an S3 bucket policy.

No

hard-quota

Number

Hard quota for the S3 bucket.

Can only be set on a new bucket without existing data (cannot be set when using existing-path to an existing directory with data)

No

fs-name

String

Filesystem name to create the bucket within.

An existing filesystem name

No. When specified, use only fs-name or fs-id.

The default filesystem specified when creating the S3 cluster.

fs-id

Number

Filesystem ID to create the bucket within.

An existing filesystem ID

No. When specified, use only fs-name or fs-id.

The default filesystem specified when creating the S3 cluster

existing-path

String

Existing directory path (relative to the filesystem root) to expose a bucket from.

An existing path within the filesystem

No

List buckets

Command: weka s3 bucket list

Use this command to list existing buckets.

Set a bucket quota

Command: weka s3 bucket quota set

Use the following command line to set an S3 bucket quota:

weka s3 bucket quota set <bucket-name> <hard-quota>

Parameters

Name

Type

Value

Limitations

Mandatory

Default

bucket-name

String

The name of an existing S3 bucket.

Yes

hard-quota

Number

Hard quota for the S3 bucket.

Can only be initially set on an empty bucket. Calling this command on a bucket that already has a quota will change the quota limitation.

Yes

Unset a bucket quota

Command: weka s3 bucket quota unset <bucket-name>

Use this command to unset an existing bucket quota.

Note: If the bucket point to a directory shared with other protocols, changing the quota affects all protocols (changes the associated directory quota).

Delete a bucket

Command: weka s3 bucket destroy

Use this command to delete an existing bucket.

Note: You can only delete a bucket if it is empty (all its objects are deleted).

Manage bucket policies

It is possible to set bucket policies for anonymous access. You can choose a pre-defined policy or add a customized policy.

Set a pre-defined bucket policy

A bucket is automatically created without any anonymous access permissions. You can use one of the pre-defined policies: download, upload, or public.

Example: For a bucket named mybucket, the following are the pre-defined policy values:

{
  "Statement": [
    {
      "Action": [
        "s3:GetBucketLocation",
        "s3:ListBucket"
      ],
      "Effect": "Allow",
      "Principal": {
        "AWS": [
          "*"
        ]
      },
      "Resource": [
        "arn:aws:s3:::mybucket"
      ]
    },
    {
      "Action": [
        "s3:GetObject"
      ],
      "Effect": "Allow",
      "Principal": {
        "AWS": [
          "*"
        ]
      },
      "Resource": [
        "arn:aws:s3:::mybucket/*"
      ]
    }
  ],
  "Version": "2012-10-17"
} 

Command: weka s3 bucket policy set

Use the following command line to set a pre-defined bucket policy:

weka s3 bucket policy set <bucket-name> <bucket-policy>

Parameters

Name

Type

Value

Limitations

Mandatory

Default

bucket-name

String

The name of an existing S3 bucket.

Yes

bucket-policy

String

The name of a pre-defined bucket policy for anonymous access.

One of: none, download, upload, public

Yes

Set a custom bucket policy

To create a custom policy, you can use AWS Policy Generator and select S3 Bucket Policy type. With a custom policy, it is possible to limit anonymous access only to specific prefixes.

For example, to set a custom policy for mybucket to allow read-only access for objects with a public/ prefix, the custom policy, as generated with the calculator, is:

{
  "Id": "Policy1624778813411",
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Stmt1624778790840",
      "Action": [
        "s3:ListBucket"
      ],
      "Effect": "Allow",
      "Resource": "arn:aws:s3:::mybucket",
      "Condition": {
        "StringEquals": {
          "s3:prefix": "public/"
        }
      },
      "Principal": "*"
    },
    {
      "Sid": "Stmt1624778812360",
      "Action": [
        "s3:GetObject"
      ],
      "Effect": "Allow",
      "Resource": "arn:aws:s3:::mybucket/public/*",
      "Principal": "*"
    }
  ]
}

Command: weka s3 bucket policy set-custom

Use the following command line to set a custom bucket policy:

weka s3 bucket policy set-custom <policy-file> <bucket-name>

Parameters

Name

Type

Value

Limitations

Mandatory

Default

policy-file

String

A path to a custom policy JSON file for anonymous access.

A JSON file representing an S3 bucket policy.

Wildcards (e.g., s3:*) are not allowed as an Action in the custom policy file. For supported actions, refer to the Supported Policy Actions section.

Yes

bucket-name

String

The name of an existing S3 bucket.

Yes

View a bucket policy

Command: weka s3 bucket policy get / weka s3 bucket policy get-json

Use the following command line to view an S3 bucket policy name/JSON:

weka s3 bucket policy get <bucket-name> / weka s3 bucket policy get-json <bucket-name>

Parameters

Name

Type

Value

Limitations

Mandatory

Default

bucket-name

String

The name of an existing S3 bucket.

Yes

Unset a bucket policy

Command: weka s3 bucket policy unset

Use the following command line to unset an S3 bucket policy:

weka s3 bucket policy unset <bucket-name>

Parameters

Name

Type

Value

Limitations

Mandatory

Default

bucket-name

String

The name of an existing S3 bucket.

Yes

Last updated