# Manage S3 users and authentication using the CLI With the CLI, you can: * [View existing IAM policies](#view-existing-iam-policies) * [Add an IAM policy](#create-an-iam-policy) * [Delete an IAM policy](#creating-a-new-iam-policies) * [Attach a policy to an S3 user](#creating-a-new-iam-policies-1) * [Detach a policy from an S3 user](#creating-a-new-iam-policies-1-1) * [Generate a temporary security token](#generate-a-temporary-security-token) ## View existing IAM policies **Command:** `weka s3 policy list` Use this command to list the existing IAM policies. The command lists the pre-defined and custom policies the Cluster Admin has added. **Command:** `weka s3 policy show ` Use this command to see the JSON definition of the selected IAM policy. The pre-defined policy values are: {% tabs %} {% tab title="readonly" %} ```json { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "s3:ListAllMyBuckets", "s3:ListBucket", "s3:ListBucketMultipartUploads", "s3:ListMultipartUploadParts", "s3:GetBucketLocation", "s3:GetBucketPolicy", "s3:GetBucketTagging", "s3:GetObject" ], "Resource": [ "arn:aws:s3:::*" ] } ] } ``` {% endtab %} {% tab title="writeonly" %} ```json { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "s3:PutObject" ], "Resource": [ "arn:aws:s3:::*" ] } ] } ``` {% endtab %} {% tab title="readwrite" %} ```json { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "s3:*" ], "Resource": [ "arn:aws:s3:::*" ] } ] } ``` {% endtab %} {% endtabs %} ## Add an IAM policy **Command:** `weka s3 policy add` Use the following command line to add an S3 IAM policy: `weka s3 policy add ` **Parameters**
NameValue
policy-name*Name of the IAM policy to add.
policy-file*Path to the custom JSON file representing an IAM policy for anonymous access.
See #supported-s3-policy-actions.
## Delete an IAM policy **Command:** `weka s3 policy remove` Use the following command line to delete an S3 IAM policy:‌ `weka s3 policy remove `‌ **Parameters**
NameValue
policy-name*Name of the IAM policy to remove.
## Attach a policy to an S3 user **Command:** `weka s3 policy attach` Use the following command line to attach an IAM policy to an S3 user:‌ `weka s3 policy attach `‌ **Parameters**
NameValue
policy*Name of an existing IAM policy.
user*Name of a local WEKA S3 user.
## Detach a policy from an S3 user **Command:** `weka s3 policy detach` Use the following command line to detach an IAM policy from an S3 user:‌‌ `weka s3 policy detach `‌‌ **Parameters**
NameValue
user*Name of a local WEKA S3 user.
## Generate a temporary security token **Command:** `weka s3 sts assume-role` Use the following command line to generate a temporary security token: `weka s3 sts assume-role <--access-key access-key> [--secret-key secret-key] [--policy-file policy-file] <--duration duration>` **Parameters**
NameValueDefault
access-key*A local WEKA S3 user access key
secret-keyA local WEKA S3 user secret keyIf not supplied, the command prompts to supply the secret-key.
policy-filePath to a custom JSON file representing an IAM policy for anonymous access.
You cannot gain additional capabilities to the IAM policy attached to this S3 user.
See Supported Policy Actions.
duration*Duration for the token validity.
Possible values between 15 minutes and 1 week. Format: 900s, 60m, 2d, 1w
An example response: ``` Access-Key: JR9O0U6V42KLPFQDO2Z3 Secret-Key: wM0QMWuQ04WHlByj2SlEyuNrWoliMaCoVPmRsKbH Session-Token: eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJhY2Nlc3NLZXkiOiJKUjlPMFU2VjQyS0xQRlFETzJaMyIsImV4cCI6NjA0ODAwMDAwMDAwMDAwLCJwb2xpY3kiOiJyZWFkd3JpdGUifQ.-rzf78OHdKv-25NFls1SaUvNKST5SoVSG8iR2hQrTQC1K05ZZlHBFfU-6N3_boF9c5P70y5Pa10YBHseh4DkVA ```