Managing S3 accounts

An S3 account is a container for an S3 user with additional credentials. An account is owned by a single user, while a user can have multiple accounts. You can create and manage S3 accounts by using the ostor-s3-admin command-line tool.

When you create an S3 account, an access key pair (access key ID and secret access key) is generated automatically. It is recommended to periodically revoke old access key pairs and generate new ones.

Limitations

  • A maximum of two active access key pairs is allowed per account.

To create an S3 account

  1. Find out the ID of the object storage volume. For example:

    # ostor-ctl get-config -V
    VOL_ID             TYPE     STATE
    0100000000000002   OBJ     READY
  2. Create an account for an S3 user, specifying the user email and an account name. For example, to create the account myaccount for the user with the email myuser@email.com, run:

    # ostor-s3-admin create-account -V 0100000000000002 -n myaccount -e myuser@email.com

    This command requires the following parameters:

    -V, --volume <volume_id>
    The volume ID obtained in step 1
    -n <account_name>
    Account name
    -e <user_email>
    User email
  3. Check that the new account is created for the user. For example, if the user's email is myuser@email.com, run:

    # ostor-s3-admin list-user-accounts -V 0100000000000002 -e myuser@email.com
    NAME       USER_ID           EMAIL             S3AccessKeyId        S3SecretAccessKey
    myaccount  b09693b73b3c7686  myuser@email.com  b09693b73b3c768613NV ***
    

To generate an access key pair for an S3 account

Use the ostor-s3-admin gen-access-key command. For example:

# ostor-s3-admin gen-access-key -V 0100000000000002 -n myaccount -e myuser@email.com

This command requires the following parameters:

-V, --volume <volume_id>
The volume ID obtained by using the ostor-ctl get-config -V command
-n <account_name>
Account name
-e <user_email>
User email

To revoke an access key pair for an S3 account

Use the ostor-s3-admin revoke-access-key command. For example:

# ostor-s3-admin revoke-access-key -V 0100000000000002 -e user@email.com -k de86d1c19e616455YIPU

This command requires the following parameters:

-V, --volume <volume_id>
The volume ID obtained by using the ostor-ctl get-config -V command
-e <user_email>
User email
-k <access_key_id>
User access key ID
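
The limit of two active key pairs decides the order of a rotation: with a free slot the new pair can be generated before the old one is revoked, and with both slots in use the old pair has to be revoked first. The script below is an added example, not part of the product or its documentation; it reads list-user-accounts output and prints the two commands from this page in the matching order. It assumes that each active key pair of an account is listed on its own row; the second sample row and its key ID are constructed.

```shell
#!/bin/sh
# Added example: plan an access key rotation from list-user-accounts output.
# Assumption: each active key pair of an account is listed on its own row.
MAX_KEYS=2  # limit stated on this page

# Constructed sample: row 1 is the page's listing, row 2 is a made-up second key.
sample_table() {
    cat <<'EOF'
NAME       USER_ID           EMAIL             S3AccessKeyId        S3SecretAccessKey
myaccount  b09693b73b3c7686  myuser@email.com  b09693b73b3c768613NV ***
myaccount  b09693b73b3c7686  myuser@email.com  b09693b73b3c7686EXMP ***
EOF
}

# Usage: plan_rotation VOLUME ACCOUNT EMAIL OLD_KEY_ID < table
# Prints the two commands in the order that respects the key limit.
plan_rotation() {
    awk -v vol="$1" -v acct="$2" -v email="$3" -v old="$4" -v max="$MAX_KEYS" '
        $1 == acct && $3 == email { n++; if ($4 == old) found = 1 }
        END {
            # Refuse values that would need shell quoting in the printed commands.
            if ((vol acct email old) !~ /^[A-Za-z0-9@._-]+$/) {
                print "error: unexpected character in arguments" > "/dev/stderr"
                exit 2
            }
            if (!found) {
                print "error: key " old " not listed for " acct > "/dev/stderr"
                exit 1
            }
            gen = "ostor-s3-admin gen-access-key -V " vol " -n " acct " -e " email
            rev = "ostor-s3-admin revoke-access-key -V " vol " -e " email " -k " old
            if (n >= max) { print rev; print gen }  # no free slot: revoke first
            else          { print gen; print rev }  # free slot: old and new overlap
        }'
}

# Demo: both slots are used, so the plan revokes before it generates.
sample_table | plan_rotation 0100000000000002 myaccount myuser@email.com b09693b73b3c768613NV
```

When the plan generates first, run the revoke command only after clients have switched to the new key pair.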

To delete an S3 account

Use the ostor-s3-admin delete-account command. For example:

# ostor-s3-admin delete-account -V 0100000000000002 -n myaccount -e myuser@email.com

This command requires the following parameters:

-V, --volume <volume_id>
The volume ID obtained by using the ostor-ctl get-config -V command
-n <account_name>
Account name
-e <user_email>
User email