Manage S3 users and authentication using the CLI
This page describes how to gain and obtain access permissions to the S3 protocol using the CLI.
With the CLI, you can:
View existing IAM policies
Command: weka s3 policy list
Use this command to list the existing IAM policies.
The command lists both the pre-defined policies and custom policies that the Cluster Admin has added.
Command: weka s3 policy show <policy-name>
Use this command to see the JSON definition of the selected IAM policy.
The pre-defined policies value are:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:ListAllMyBuckets",
"s3:ListBucket",
"s3:ListBucketMultipartUploads",
"s3:ListMultipartUploadParts",
"s3:GetBucketLocation",
"s3:GetBucketPolicy",
"s3:GetBucketTagging",
"s3:GetObject"
],
"Resource": [
"arn:aws:s3:::*"
]
}
]
}
Add an IAM policy
Command: weka s3 policy add
Use the following command line to add an S3 IAM policy:
weka s3 policy add <policy-name> <policy-file>
Parameters
policy-name
*
Name of the IAM policy to add.
policy-file
*
Path to the custom JSON file representing an IAM policy for anonymous access. See Supported S3 policy actions.
Delete an IAM policy
Command: weka s3 policy remove
Use the following command line to delete an S3 IAM policy:
weka s3 policy remove <policy-name>
Parameters
policy-name
*
Name of the IAM policy to remove.
Attach a policy to an S3 user
Command: weka s3 policy attach
Use the following command line to attach an IAM policy to an S3 user:
weka s3 policy attach <policy> <user>
Parameters
policy
*
Name of an existing IAM policy.
user
*
Name of an existing S3 user.
Detach a policy from an S3 user
Command: weka s3 policy detach
Use the following command line to detach an IAM policy from an S3 user:
weka s3 policy detach <user>
Parameters
user
*
Name of an existing S3 user.
Generate a temporary security token
Command: weka s3 sts assume-role
Use the following command line to generate a temporary security token:
weka s3 sts assume-role <--access-key access-key> [--secret-key secret-key] [--policy-file policy-file] <--duration duration>
Parameters
access-key
*
An S3 user access key
secret-key
An S3 user secret key
If not supplied, the command prompts to supply the secret-key.
policy-file
Path to a custom JSON file representing an IAM policy for anonymous access. You cannot gain additional capabilities to the IAM policy attached to this S3 user. See Supported Policy Actions.
duration
*
Duration for the token validity.
Possible values between 15 minutes and 1 week. Format: 900s
, 60m
, 2d
, 1w
An example response:
Access-Key: JR9O0U6V42KLPFQDO2Z3
Secret-Key: wM0QMWuQ04WHlByj2SlEyuNrWoliMaCoVPmRsKbH
Session-Token: eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJhY2Nlc3NLZXkiOiJKUjlPMFU2VjQyS0xQRlFETzJaMyIsImV4cCI6NjA0ODAwMDAwMDAwMDAwLCJwb2xpY3kiOiJyZWFkd3JpdGUifQ.-rzf78OHdKv-25NFls1SaUvNKST5SoVSG8iR2hQrTQC1K05ZZlHBFfU-6N3_boF9c5P70y5Pa10YBHseh4DkVA
Last updated