S3 Buckets Management
This page describes how to manage S3 buckets.
Overview
Buckets can be managed by either standard S3 API calls or by using the Weka API/CLI.
Buckets permissions are determined by the user's IAM policy for authorized access or by setting bucket policies for anonymous access.
By default, buckets and objects created through the S3 protocol will have root POSIX permissions. When creating a user with an S3 role, specific POSIX permissions can be set for objects created with this user access/secret keys. Objects created using anonymous access (for buckets with IAM policy allowing that) will get the anonymous UID/GID.
By default, all buckets are created within the filesystem specified in the S3 cluster creation. It is possible to create a bucket in a different filesystem, by calling the Weka API/CLI.
Directories (adhering to the naming limitations) within this filesystem are exposed as buckets without anonymous permissions.
Managing Buckets using the CLI
Creating a New Bucket
Command: weka s3 bucket create
Use the following command line to create an S3 bucket:
weka s3 bucket create <name> [--policy policy] [--policy-json policy-json] [--hard-quota hard-quota] [--fs-name fs-name] [--fs-id fs-id] [--existing-path existing-path]
Parameters in Command Line
Name | Type | Value | Limitations | Mandatory | Default |
| String | The name for the new S3 bucket | Refer to the Bucket Naming Limitations section. | Yes | |
| String | The name of a pre-defined bucket policy for anonymous access. | One of: | No |
|
| String | A path to a custom policy JSON file for anonymous access. | A JSON file representing an S3 bucket policy. | No | |
| Number | Hard quota for the S3 bucket | Can only be set on a new bucket without existing data (cannot be set when using | No | |
| String | Filesystem name to create the new bucket within | An existing filesystem name | No. When specified, use only | The default filesystem specified when creating the S3 cluster |
| Number | Filesystem ID to create the new bucket within | An existing filesystem ID | No. When specified, use only | The default filesystem specified when creating the S3 cluster |
| String | Existing directory path (relative to the filesystem root) to expose a bucket from | An existing path within the filesystem | No |
Listing Buckets
Command: weka s3 bucket list
Use this command to list existing buckets.
Setting a Bucket Quota
Command: weka s3 bucket quota set
Use the following command line to create an S3 bucket:
weka s3 bucket quota set <bucket-name> <hard-quota>
Parameters in Command Line
Name | Type | Value | Limitations | Mandatory | Default |
| String | The name of an existing S3 bucket | Yes | ||
| Number | Hard quota for the S3 bucket | Can only be initially set on an empty bucket. Calling this command on a bucket that already has a quota will change the quota limitation. | Yes |
Unsetting a Bucket Quota
Command: weka s3 bucket quota unset <bucket-name>
Use this command to unset an existing bucket quota.
Note: If the bucket point to a directory shared with other protocols, changing the quota affects all protocols (changes the associated directory quota).
Deleting a Bucket
Command: weka s3 bucket destroy
Use this command to delete an existing bucket.
Note: A bucket can only be deleted if it is empty (all its objects have been deleted).
Managing Bucket Policies
It is possible to set bucket policies for anonymous access. You can choose one of the pre-defined policies or add your own customized policies.
Setting a Pre-Defined Bucket Policy
A bucket is automatically created without any anonymous access permissions. You can use one of the pre-defined policies: download, upload, or public.
For example, for a bucket named mybucket, these will be the pre-defined policies values:
Command: weka s3 bucket policy set
Use the following command line to set a pre-defined bucket policy:
weka s3 bucket policy set <bucket-policy> <bucket-name>
Parameters in Command Line
Name | Type | Value | Limitations | Mandatory | Default |
| String | The name of a pre-defined bucket policy for anonymous access. | One of: | Yes | |
| String | The name of an existing S3 bucket | Yes |
Setting a Custom Bucket Policy
To create a custom policy, you can use AWS Policy Generator and select S3 Bucket Policy as the policy type. With a custom policy, it is possible to limit anonymous access only to specific prefixes.
For example, to set a custom policy for mybucket to allow read-only access for objects with a public/ prefix, the custom policy, as generated with the calculator, is:
Command: weka s3 bucket policy set-custom
Use the following command line to set a custom bucket policy:
weka s3 bucket policy set-custom <bucket-name> <policy-file>
Parameters in Command Line
Name | Type | Value | Limitations | Mandatory | Default |
| String | The name of an existing S3 bucket. | Yes | ||
| String | A path to a custom policy JSON file for anonymous access. | A JSON file representing an S3 bucket policy. Wildcards (e.g., | Yes |
Viewing a Bucket Policy
Command: weka s3 bucket policy get / weka s3 bucket policy get-json
Use the following command line to view an S3 bucket policy name/JSON:
weka s3 bucket policy get <bucket-name> / weka s3 bucket policy get-json <bucket-name>
Parameters in Command Line
Name | Type | Value | Limitations | Mandatory | Default |
| String | The name of an existing S3 bucket. | Yes |
Unsetting a Bucket Policy
Command: weka s3 bucket policy unset
Use the following command line to unset an S3 bucket policy:
weka s3 bucket policy unset <bucket-name>
Parameters in Command Line
Name | Type | Value | Limitations | Mandatory | Default |
| String | The name of an existing S3 bucket. | Yes |
Last updated