Accessing object storage with s3cmd: Difference between revisions

removed duplicate content and added signpost to main object store page
Other more sophisticated examples can be found in the s3cmd [https://www.s3express.com/help/help.html help site] or s3cmd(1) man page.


= Bucket policies =
Instructions on [[ Arbutus_object_storage#Managing_data_container_(bucket)_policies_for_your_Arbutus_Object_Store | managing bucket policies ]] for your object store, including examples using s3cmd, are available on the main [[Arbutus_object_storage | object storage]] page.
{{Warning
  |title=Attention
  |content=
Be careful with policies because an ill-conceived policy can lock you out of your bucket.
}}
 
<p>Currently, Arbutus Object Storage only implements a subset of Amazon's specification for [https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-iam-policies.html bucket policies]. The following example shows how to create, apply, and view a bucket's policy. The first step is to create a policy JSON file, e.g. testbucket.policy:</p>
<pre>{
    "Version": "2012-10-17",
    "Id": "S3PolicyId1",
    "Statement": [
        {
            "Sid": "IPAllow",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:*",
            "Resource": [
                "arn:aws:s3:::testbucket",
                "arn:aws:s3:::testbucket/*"
            ],
            "Condition": {
                "NotIpAddress": {
                    "aws:SourceIp": [
                        "206.12.0.0/16",
                        "142.104.0.0/16"
                    ]
                }
            }
        }
    ]
}
</pre>
<p>This example denies access except from the specified source IP address ranges in Classless Inter-Domain Routing (CIDR) notation. In this example the s3://testbucket is limited to the public IP address range (206.12.0.0/16) used by the Arbutus cloud and the public IP address range (142.104.0.0/16) used by the University of Victoria.</p>
 
<p>Once you have your policy file, you can implement that policy on the bucket:</p>
<p><code>s3cmd setpolicy testbucket.policy s3://testbucket</code></p>
 
<p>To view the policy you can use the following command:</p>
<p><code>s3cmd info s3://testbucket</code></p>
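
<p>The following pre-flight check is an added example, not part of the original page or of s3cmd. It rejects a policy file that repeats a JSON key (most parsers silently keep only the last value) and reports whether a given source address would be caught by a <code>Deny</code>/<code>NotIpAddress</code> statement. The sample policy is constructed from the values on this page with both ranges in one list; the function names are hypothetical, and the matching rule assumes AWS-style semantics (the condition matches when the address is in none of the listed ranges).</p>

```python
import ipaddress
import json

# Constructed sample: the page's testbucket policy, both CIDR ranges in one list.
POLICY_TEXT = """
{"Version": "2012-10-17", "Id": "S3PolicyId1",
 "Statement": [{
   "Sid": "IPAllow", "Effect": "Deny", "Principal": "*", "Action": "s3:*",
   "Resource": ["arn:aws:s3:::testbucket", "arn:aws:s3:::testbucket/*"],
   "Condition": {"NotIpAddress": {
     "aws:SourceIp": ["206.12.0.0/16", "142.104.0.0/16"]}}
 }]}
"""

def _reject_duplicates(pairs):
    """object_pairs_hook: fail instead of silently keeping the last duplicate."""
    keys = [k for k, _ in pairs]
    dupes = sorted({k for k in keys if keys.count(k) > 1})
    if dupes:
        raise ValueError(f"duplicate JSON key(s): {dupes}")
    return dict(pairs)

def load_policy(text):
    """Parse policy JSON, raising ValueError on syntax errors or repeated keys."""
    return json.loads(text, object_pairs_hook=_reject_duplicates)

def _as_list(value):
    return value if isinstance(value, list) else [value]

def is_denied(policy, source_ip):
    """True if a Deny statement's NotIpAddress condition matches source_ip.

    Simplification (assumption): only Effect and aws:SourceIp are evaluated;
    Principal, Action and Resource are treated as matching.
    """
    ip = ipaddress.ip_address(source_ip)
    for stmt in _as_list(policy["Statement"]):
        cond = stmt.get("Condition", {}).get("NotIpAddress", {})
        cidrs = cond.get("aws:SourceIp")
        if stmt.get("Effect") != "Deny" or cidrs is None:
            continue
        if not any(ip in ipaddress.ip_network(c) for c in _as_list(cidrs)):
            return True  # address is outside every listed range
    return False

if __name__ == "__main__":
    policy = load_policy(POLICY_TEXT)
    for addr in ("206.12.5.9", "142.104.1.1", "198.51.100.7"):  # constructed
        print(addr, "DENIED" if is_denied(policy, addr) else "not denied")
```

<p>Check the public address you will connect from before running <code>s3cmd setpolicy</code>; if it is reported as denied, applying the policy would lock you out of the bucket.</p>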


[[Category:Cloud]]
</translate>
</translate>