Manage S3 users and authentication using the CLI
This page describes how to gain and obtain access permissions to the S3 protocol using the CLI.
Last updated
This page describes how to gain and obtain access permissions to the S3 protocol using the CLI.
Last updated
With the CLI, you can:
Command: weka s3 policy list
Use this command to list the existing IAM policies.
The command lists both the pre-defined policies and custom policies that the Cluster Admin has added.
Command: weka s3 policy show <policy-name>
Use this command to see the JSON definition of the selected IAM policy.
The pre-defined policies value are:
Command: weka s3 policy add
Use the following command line to add an S3 IAM policy:
weka s3 policy add <policy-name> <policy-file>
Parameters
policy-name
*
Name of the IAM policy to add.
policy-file
*
Command: weka s3 policy remove
Use the following command line to delete an S3 IAM policy:
weka s3 policy remove <policy-name>
Parameters
policy-name
*
Name of the IAM policy to remove.
Command: weka s3 policy attach
Use the following command line to attach an IAM policy to an S3 user:
weka s3 policy attach <policy> <user>
Parameters
policy
*
Name of an existing IAM policy.
user
*
Name of an existing S3 user.
Command: weka s3 policy detach
Use the following command line to detach an IAM policy from an S3 user:
weka s3 policy detach <user>
Parameters
user
*
Name of an existing S3 user.
Command: weka s3 sts assume-role
Use the following command line to generate a temporary security token:
weka s3 sts assume-role <--access-key access-key> [--secret-key secret-key] [--policy-file policy-file] <--duration duration>
Parameters
access-key
*
An S3 user access key
secret-key
An S3 user secret key
If not supplied, the command prompts to supply the secret-key.
policy-file
duration
*
Duration for the token validity.
Possible values between 15 minutes and 1 week. Format: 900s
, 60m
, 2d
, 1w
An example response:
Path to the custom JSON file representing an IAM policy for anonymous access. See .
Path to a custom JSON file representing an IAM policy for anonymous access. You cannot gain additional capabilities to the IAM policy attached to this S3 user. See .