Terms
Bucket
The name of a storage area where files/objects are placed. It is equivalent to a disk or a project in other forms of storage.
Object
Files and/or folders that are uploaded to the bucket are assigned separate metadata files that can be edited. Together, these data blocks constitute an "object." For simplicity, one can say that an object corresponds to what we would call a file in, for example, File Explorer.
IAM
"Identity and Access Management" is a built-in service in the solution that allows the creation of custom key pairs where access can be regulated through associated rule sets. It's only relevant to familiarize yourself with this if you are going to manage access in the GUI.
CMC
"Cloudian Management Console" is simply the name of the web interface or GUI used for managing buckets and users. In our solution, this is only available on the UiO network.
Setting up access keys
Authentication against buckets is done using a key pair that is utilized in API requests. The keys can be automatically read by most tools or modules if they are placed under ~/.aws/credentials (Windows: C:.aws\credentials) in the following format:
[default]
region = oslo
endpoint_url = https://s3-oslo.educloud.no
aws_access_key_id = AKIA0123456787EXAMPLE
aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
If you order with self-administration, you can find the key pair with full access under "Profile --> Security Credentials" at the top right after logging into the web interface. Note that it is recommended not to use this key in production, but rather to create IAM keys with appropriate permissions.
More about this here:
If you only order bucket(s) with API access, you will be given an IAM key with customized access to these. This can then be safely used in production.
Most users will only have a single set of keys that can be placed under a "default" profile, but if you have several, they can be placed in the same file under individual profile names in brackets:
[default]
region = oslo
aws_access_key_id = AKIA0123456787EXAMPLE
aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY

[foo]
region = oslo
aws_access_key_id = AKIA0123456787EXAMPLE
aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
This enables easy authentication with different users by adding a profile option to the call (e.g., --profile <name> for the AWS CLI).
With keys ready, you can test access with your favorite language or tool.
We have a few guides here:
As you may have noticed, the credentials file is stored in plain text in the home directory. By default only the user has access to this file, so, as with SSH keys, this is not a major issue. If you have sensitive data in the bucket, however, it might be wise to consider encrypting the keys.
Read more about how this can be done here:
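The point above about the plain-text credentials file can be checked with a short script. This is an added example, not part of the original guide: it parses a file in the profile format shown earlier, flags permission bits wider than owner-only, and lists profiles without printing any secret. It assumes a POSIX system (Windows mode bits do not reflect ACLs); the function names and the sample file are constructed for illustration.

```python
import configparser
import pathlib
import stat
import tempfile

REQUIRED = ("aws_access_key_id", "aws_secret_access_key")

# Constructed sample in the page's format, using the page's EXAMPLE placeholder keys.
SAMPLE = """\
[default]
region = oslo
endpoint_url = https://s3-oslo.educloud.no
aws_access_key_id = AKIA0123456787EXAMPLE
aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY

[foo]
aws_access_key_id = AKIA0123456787EXAMPLE
"""


def audit_credentials(path):
    """Return (profiles, findings) for a credentials file without exposing secrets."""
    findings = []
    mode = stat.S_IMODE(pathlib.Path(path).stat().st_mode)
    # Any group/other permission bit means other local accounts may reach the keys.
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"file mode {mode:03o} is wider than 600")
    parser = configparser.ConfigParser(interpolation=None)
    parser.read(path)
    profiles = {}
    for name in parser.sections():
        missing = [k for k in REQUIRED if not parser.has_option(name, k)]
        if missing:
            findings.append(f"profile [{name}] lacks {', '.join(missing)}")
        key_id = parser.get(name, "aws_access_key_id", fallback="")
        # Report only the last four characters of the key id, never the secret.
        profiles[name] = "****" + key_id[-4:] if key_id else None
    return profiles, findings


def demo():
    """Audit the sample at mode 644, tighten it to 600, and audit again."""
    with tempfile.TemporaryDirectory() as tmp:
        path = pathlib.Path(tmp, "credentials")
        path.write_text(SAMPLE)
        path.chmod(0o644)
        before = audit_credentials(path)
        path.chmod(0o600)
        return before, audit_credentials(path)
```

Calling audit_credentials on your own ~/.aws/credentials returns the same pair; an empty findings list means the file is owner-only and every profile has both keys.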