Manage S3 users and authentication using the CLI
This page describes how to gain and obtain access permissions to the S3 protocol using the CLI.
With the CLI, you can:
View existing IAM policies
Command: weka s3 policy list
Use this command to list the existing IAM policies.
The command lists both the pre-defined policies and custom policies that the Cluster Admin has added.
Command: weka s3 policy show <policy-name>
Use this command to see the JSON definition of the selected IAM policy.
The pre-defined policies value are:
Add an IAM policy
Command: weka s3 policy add
Use the following command line to add an S3 IAM policy:
weka s3 policy add <policy-name> <policy-file>
Parameters
Name
Type
Value
Limitations
Mandatory
Default
policy-name
String
The name of the IAM policy to add
Yes
policy-file
String
A path to the custom policy JSON file for anonymous access.
A JSON file representing an IAM policy.
For supported actions, refer to the Supported Policy Actions section.
Yes
Delete an IAM policy
Command: weka s3 policy remove
Use the following command line to delete an S3 IAM policy:
weka s3 policy remove <policy-name>
Parameters
Name
Type
Value
Limitations
Mandatory
Default
policy-name
String
The name of the IAM policy to remove
Yes
Attach a policy to an S3 user
Command: weka s3 policy attach
Use the following command line to attach an IAM policy to an S3 user:
weka s3 policy attach <policy> <user>
Parameters
Name
Type
Value
Limitations
Mandatory
Default
policy
String
The name of an existing IAM policy
Yes
user
String
The name of an existing S3 user
Yes
Detach a policy from an S3 user
Command: weka s3 policy detach
Use the following command line to detach an IAM policy from an S3 user:
weka s3 policy detach <user>
Parameters
Name
Type
Value
Limitations
Mandatory
Default
user
String
The name of an existing S3 user
Yes
Generate a temporary security token
Command: weka s3 sts assume-role
Use the following command line to generate a temporary security token:
weka s3 sts assume-role <--access-key access-key> [--secret-key secret-key] [--policy-file policy-file] <--duration duration>
Parameters
Name
Type
Value
Limitations
Mandatory
Default
access-key
String
An S3 user access key
Yes
secret-key
String
An S3 user secret key
No
If not supplied, the command will prompt to supply the secret-key
policy-file
String
A path to a custom policy JSON file for anonymous access.
A JSON file representing an IAM policy.
For supported actions, refer to the Supported Policy Actions section. You cannot gain additional capabilities to the IAM policy attached to this S3 user.
No
duration
String
Duration for the token validity
Between 15 minutes and 1 week. Format: 900s
, 60m
, 2d
, 1w
Yes
An example response:
Last updated