search

Manage S3 users and authentication using the CLI

This page describes how to gain and obtain access permissions to the S3 protocol using the CLI.

With the CLI, you can:

hashtag
View existing IAM policies

Command: weka s3 policy list

Use this command to list the existing IAM policies.

The command lists both the pre-defined policies and custom policies that the Cluster Admin has added.

Command: weka s3 policy show <policy-name>

Use this command to see the JSON definition of the selected IAM policy.

The pre-defined policies value are:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:ListAllMyBuckets",
        "s3:ListBucket",
        "s3:ListBucketMultipartUploads",
        "s3:ListMultipartUploadParts",
        "s3:GetBucketLocation",
        "s3:GetBucketPolicy",
        "s3:GetBucketTagging",
        "s3:GetObject"
      ],
      "Resource": [
        "arn:aws:s3:::*"
      ]
    }
  ]
}

hashtag
Add an IAM policy

Command: weka s3 policy add

Use the following command line to add an S3 IAM policy:

weka s3 policy add <policy-name> <policy-file>

Parameters

Name
Value

policy-name*

Name of the IAM policy to add.

policy-file*

Path to the custom JSON file representing an IAM policy for anonymous access. See Supported S3 policy actions.

hashtag
Delete an IAM policy

Command: weka s3 policy remove

Use the following command line to delete an S3 IAM policy:‌

weka s3 policy remove <policy-name>

Parameters

Name
Value

policy-name*

Name of the IAM policy to remove.

hashtag
Attach a policy to an S3 user

Command: weka s3 policy attach

Use the following command line to attach an IAM policy to an S3 user:‌

weka s3 policy attach <policy> <user>

Parameters

Name
Value

policy*

Name of an existing IAM policy.

user*

Name of an existing S3 user.

hashtag
Detach a policy from an S3 user

Command: weka s3 policy detach

Use the following command line to detach an IAM policy from an S3 user:‌‌

weka s3 policy detach <user>‌‌

Parameters

Name
Value

user*

Name of an existing S3 user.

hashtag
Generate a temporary security token

Command: weka s3 sts assume-role

Use the following command line to generate a temporary security token:

weka s3 sts assume-role <--access-key access-key> [--secret-key secret-key] [--policy-file policy-file] <--duration duration>

Parameters

Name
Value
Default

access-key*

An S3 user access key

secret-key

An S3 user secret key

If not supplied, the command prompts to supply the secret-key.

policy-file

Path to a custom JSON file representing an IAM policy for anonymous access. You cannot gain additional capabilities to the IAM policy attached to this S3 user. See Supported Policy Actions.

duration*

Duration for the token validity. Possible values between 15 minutes and 1 week. Format: 900s, 60m, 2d, 1w

An example response:

PreviousS3 users and authenticationNextManage S3 service accounts using the CLI

Last updated