W E K A
WebsiteSupportDownloads/LicensingAWS Self-Service Portal
Search…
4.0
Weka documentation
Weka System Overview
About the Weka system
SSD capacity management
Filesystems, object stores, and filesystem groups
Weka networking
Data lifecycle management
Weka client and mount modes
Glossary
Getting Started with Weka
Quick installation guide
Manage the system using the Weka CLI
Manage the system using the Weka GUI
Run first IOs with WekaFS
Getting started with Weka REST API
Planning & Installation
Prerequisites for installation
Weka installation on bare metal
Weka installation on AWS
Performance
Weka performance tests
WekaFS Filesystems & Object Stores
Manage object stores
Manage filesystem groups
Manage filesystems
Attach or detach object store buckets
Advanced data lifecycle management
Mount filesystems
Snapshots
Snap-To-Object
Quota management
Additional Protocols
NFS
SMB
S3
S3 cluster management
S3 buckets management
S3 users and authentication
S3 rules information lifecycle management (ILM)
Audit S3 APIs
S3 supported APIs and limitations
S3 examples using boto3
Operation Guide
Alerts
Events
Statistics
System congestion
Security management
User management
Organizations management
Expand and shrink cluster resources
Background tasks
Upgrade Weka versions
Billing & Licensing
License overview
Classic license
Pay-As-You-Go license
Support
Prerequisites and compatibility
Get support for your Weka system
The Weka support cloud
Diagnostics management
Appendix
Weka CSI Plugin
Monitor using external tools
Snapshot management
REST API Reference Guide
Powered By GitBook
S3
This page describes the Weka implementation of the S3 protocol.
The S3 protocol is widely used and spans many cloud-native or cloud-ready applications.
With Weka, you can:
  • Ingest data with S3, and then you can access the data with either S3 or other protocols.
  • Expose existing data to S3, and migrate your application within the same data platform.
  • Burst to the cloud and use new applications without migrating your data.
While gaining Weka's scale, performance, and resiliency advantages, you can gradually move applications to S3 and access the same data through multiple protocols, POSIX, S3, SMB, NFS, and GPUDirect Storage.
The Weka S3 is a scalable and resilient service that provides multi-protocol access to data.
You implement the S3 service by specifying a set of storage hosts that run the S3 protocol and then creating a logical S3 cluster to expose the S3 service. When defining many hosts that serve the S3 protocol, the S3 cluster scales to higher performance.
By integrating a round-robin DNS or a load balancer, different S3 clients can access other hosts, allowing the Weka system to scale and service thousands of clients.
The Weka S3 service works on top of the WekaFS file service. Buckets are mapped to top-level directories, and objects are mapped to files. Then, the same data can be exposed with either Weka-supported protocols.
Related topics
​S3 cluster management​

S3 access

User access to S3 APIs can be either authenticated or anonymous.

User authentication

The process of gaining authenticated S3 access requires to:
  1. 1.
    Create an internal Weka user with an S3 user role.
  2. 2.
    Add and attach an IAM policy for the S3 user. The IAM policy determines the S3 user's permissions to S3 operations and resources.
As an S3 user, you can also create temporary security tokens (STS AssumeRole) or service accounts with restricted permissions.
Related topics
​User management​

Anonymous access

Anonymous access to buckets/objects can be obtained by one of the following:
  • Bucket policy
  • Pre-signed URLs
Related topics
​manage-bucket-policies​
​Pre-signed URL example​

S3 security

Encryption of data at rest

Data written through the S3 protocol can be encrypted at rest by setting an encrypted filesystem.

TLS

Clients' access to the service through HTTPS is provided using the same certificates that Weka uses for other API access.
Related topics
​Encrypted filesystems​
​tls​

S3 Audit

The S3 API calls can be audited using an HTTP webhook service and connecting to an application such as Splunk.
To set an audit target, use the weka s3 cluster audit-webhook enable CLI command.
Related topics
​Audit S3 APIs​
Previous
Manage SMB using the CLI
Next
S3 cluster management
Last modified 3mo ago
Copy link
Outline
S3 access
User authentication
Anonymous access
S3 security
Encryption of data at rest
TLS
S3 Audit