# Manage S3 users and authentication using the CLI With the CLI, you can: * [View existing IAM policies](#view-existing-iam-policies) * [Add an IAM policy](#create-an-iam-policy) * [Delete an IAM policy](#creating-a-new-iam-policies) * [Attach a policy to an S3 user](#creating-a-new-iam-policies-1) * [Detach a policy from an S3 user](#creating-a-new-iam-policies-1-1) * [Generate a temporary security token](#generate-a-temporary-security-token) ## View existing IAM policies **Command:** `weka s3 policy list` Use this command to list the existing IAM policies. The command lists the pre-defined and custom policies the Cluster Admin has added. **Command:** `weka s3 policy show ` Use this command to see the JSON definition of the selected IAM policy. The pre-defined policy values are: {% tabs %} {% tab title="readonly" %} ```json { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "s3:ListAllMyBuckets", "s3:ListBucket", "s3:ListBucketMultipartUploads", "s3:ListMultipartUploadParts", "s3:GetBucketLocation", "s3:GetBucketPolicy", "s3:GetBucketTagging", "s3:GetObject" ], "Resource": [ "arn:aws:s3:::*" ] } ] } ``` {% endtab %} {% tab title="writeonly" %} ```json { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "s3:PutObject" ], "Resource": [ "arn:aws:s3:::*" ] } ] } ``` {% endtab %} {% tab title="readwrite" %} ```json { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "s3:*" ], "Resource": [ "arn:aws:s3:::*" ] } ] } ``` {% endtab %} {% endtabs %} ## Add an IAM policy **Command:** `weka s3 policy add` Use the following command line to add an S3 IAM policy: `weka s3 policy add ` **Parameters**
NameValue
policy-name*Name of the IAM policy to add.
policy-file*Path to the custom JSON file representing an IAM policy for anonymous access.
See #supported-s3-policy-actions.
## Delete an IAM policy **Command:** `weka s3 policy remove` Use the following command line to delete an S3 IAM policy:‌ `weka s3 policy remove `‌ **Parameters**
NameValue
policy-name*Name of the IAM policy to remove.
## Attach a policy to an S3 user **Command:** `weka s3 policy attach` Use the following command line to attach an IAM policy to an S3 user:‌ `weka s3 policy attach `‌ **Parameters**
NameValue
policy*Name of an existing IAM policy.
user*Name of a local WEKA S3 user.
## Detach a policy from an S3 user **Command:** `weka s3 policy detach` Use the following command line to detach an IAM policy from an S3 user:‌‌ `weka s3 policy detach `‌‌ **Parameters**
NameValue
user*Name of a local WEKA S3 user.
## Generate a temporary security token **Command:** `weka s3 sts assume-role` Use the following command line to generate a temporary security token: `weka s3 sts assume-role <--access-key access-key> [--secret-key secret-key] [--policy-file policy-file] <--duration duration>` **Parameters**
NameValueDefault
access-key*A local WEKA S3 user access key
secret-keyA local WEKA S3 user secret keyIf not supplied, the command prompts to supply the secret-key.
policy-filePath to a custom JSON file representing an IAM policy for anonymous access.
You cannot gain additional capabilities to the IAM policy attached to this S3 user.
See Supported Policy Actions.
duration*Duration for the token validity.
Possible values between 15 minutes and 1 week. Format: 900s, 60m, 2d, 1w
An example response: ``` Access-Key: JR9O0U6V42KLPFQDO2Z3 Secret-Key: wM0QMWuQ04WHlByj2SlEyuNrWoliMaCoVPmRsKbH Session-Token: eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJhY2Nlc3NLZXkiOiJKUjlPMFU2VjQyS0xQRlFETzJaMyIsImV4cCI6NjA0ODAwMDAwMDAwMDAwLCJwb2xpY3kiOiJyZWFkd3JpdGUifQ.-rzf78OHdKv-25NFls1SaUvNKST5SoVSG8iR2hQrTQC1K05ZZlHBFfU-6N3_boF9c5P70y5Pa10YBHseh4DkVA ``` --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.weka.io/additional-protocols/s3/s3-users-and-authentication/s3-users-and-authentication.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.