Manage S3 users and authentication using the CLI
This page describes how to gain and obtain access permissions to the S3 protocol using the CLI.
With the CLI, you can:
View existing IAM policies
Command: weka s3 policy list
Use this command to list the existing IAM policies.
The command lists both the pre-defined policies and custom policies that the Cluster Admin has added.
Command: weka s3 policy show <policy-name>
Use this command to see the JSON definition of the selected IAM policy.
The pre-defined policies value are:
Add an IAM policy
Command: weka s3 policy add
Use the following command line to add an S3 IAM policy:
weka s3 policy add <policy-name> <policy-file>
Parameters
Name | Type | Value | Limitations | Mandatory | Default |
| String | The name of the IAM policy to add. | Yes | ||
| String | A path to the custom policy JSON file for anonymous access. | A JSON file representing an IAM policy. For supported actions, refer to the Supported Policy Actions section. | Yes |
Delete an IAM policy
Command: weka s3 policy remove
Use the following command line to delete an S3 IAM policy:
weka s3 policy remove <policy-name>
Parameters
Name | Type | Value | Limitations | Mandatory | Default |
| String | The name of the IAM policy to remove. | | Yes | |
Attach a policy to an S3 user
Command: weka s3 policy attach
Use the following command line to attach an IAM policy to an S3 user:
weka s3 policy attach <policy> <user>
Parameters
Name | Type | Value | Limitations | Mandatory | Default |
| String | The name of an existing IAM policy. | | Yes | |
| String | The name of an existing S3 user. | Yes | |
Detach a policy from an S3 user
Command: weka s3 policy detach
Use the following command line to detach an IAM policy from an S3 user:
weka s3 policy detach <user>
Parameters
Name | Type | Value | Limitations | Mandatory | Default |
| String | The name of an existing S3 user. | | Yes | |
Generate a temporary security token
Command: weka s3 sts assume-role
Use the following command line to generate a temporary security token:
weka s3 sts assume-role <--access-key access-key> [--secret-key secret-key] [--policy-file policy-file] <--duration duration>
Parameters
Name | Type | Value | Limitations | Mandatory | Default |
| String | An S3 user access key. | Yes | ||
| String | An S3 user secret key. | No | If not supplied, the command will prompt to supply the secret-key | |
| String | A path to a custom policy JSON file for anonymous access. | A JSON file representing an IAM policy. For supported actions, refer to the Supported Policy Actions section. You cannot gain additional capabilities to the IAM policy attached to this S3 user. | No | |
| String | Duration for the token validity. | Between 15 minutes and 1 week. Format: | Yes | |
An example response:
Last updated