With the CLI, you can:

• View existing IAM policies

• Add an IAM policy

• Delete an IAM policy

• Attach a policy to an S3 user

• Detach a policy from an S3 user

• Generate a temporary security token

View existing IAM policies

Command: weka s3 policy list

Use this command to list the existing IAM policies.

The command lists both the pre-defined policies and custom policies that the Cluster Admin has added.

Command: weka s3 policy show <policy-name>

Use this command to see the JSON definition of the selected IAM policy.

The pre-defined policies value are:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:ListAllMyBuckets",
        "s3:ListBucket",
        "s3:ListBucketMultipartUploads",
        "s3:ListMultipartUploadParts",
        "s3:GetBucketLocation",
        "s3:GetBucketPolicy",
        "s3:GetBucketTagging",
        "s3:GetObject"
      ],
      "Resource": [
        "arn:aws:s3:::*"
      ]
    }
  ]
}

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:PutObject"
      ],
      "Resource": [
        "arn:aws:s3:::*"
      ]
    }
  ]
}

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:*"
      ],
      "Resource": [
        "arn:aws:s3:::*"
      ]
    }
  ]
}

Add an IAM policy

Command: weka s3 policy add

Use the following command line to add an S3 IAM policy:

weka s3 policy add <policy-name> <policy-file>

Parameters

Delete an IAM policy

Command: weka s3 policy remove

Use the following command line to delete an S3 IAM policy:‌

weka s3 policy remove <policy-name>‌

Parameters

Attach a policy to an S3 user

Command: weka s3 policy attach

Use the following command line to attach an IAM policy to an S3 user:‌

weka s3 policy attach <policy> <user>‌

Parameters

Detach a policy from an S3 user

Command: weka s3 policy detach

Use the following command line to detach an IAM policy from an S3 user:‌‌

weka s3 policy detach <user>‌‌

Parameters

Generate a temporary security token

Command: weka s3 sts assume-role

Use the following command line to generate a temporary security token:

weka s3 sts assume-role <--access-key access-key> [--secret-key secret-key] [--policy-file policy-file] <--duration duration>

Parameters

An example response:

Access-Key: JR9O0U6V42KLPFQDO2Z3
Secret-Key: wM0QMWuQ04WHlByj2SlEyuNrWoliMaCoVPmRsKbH
Session-Token: eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJhY2Nlc3NLZXkiOiJKUjlPMFU2VjQyS0xQRlFETzJaMyIsImV4cCI6NjA0ODAwMDAwMDAwMDAwLCJwb2xpY3kiOiJyZWFkd3JpdGUifQ.-rzf78OHdKv-25NFls1SaUvNKST5SoVSG8iR2hQrTQC1K05ZZlHBFfU-6N3_boF9c5P70y5Pa10YBHseh4DkVA