To access an S3 bucket, users need AWS access key ID and AWS secret. Both of these are generated by going to AWS website. When you use Ozone’s S3 protocol, you need the same AWS access key and secret.
Under Ozone, the clients can download the access key directly from Ozone.
The user needs to kinit
first and once they have authenticated via kerberos
they can download the S3 access key ID and AWS secret. Just like AWS S3,
both of these are secrets that needs to be protected by the client since it
gives full access to the S3 buckets.
ozone s3 getsecret
This command will talk to ozone, validate the user via Kerberos and generate the AWS credentials. The values will be printed out on the screen. You can set these values up in your .aws file for automatic access while working against Ozone S3 buckets.
aws configure set default.s3.signature_version s3v4
aws configure set aws_access_key_id ${accessId}
aws configure set aws_secret_access_key ${secret}
aws configure set region us-west-1
Please refer to AWS S3 documentation on how to use S3 via command line or via S3 API.
Next >>