Working with S3-compatible credentials
When you want to interact with object storage in Cleura Cloud using
tools that support an Amazon S3 compatible API (such as
aws CLI, or the Python
boto3 library), you need an
S3-compatible access key ID and secret key.
You can create a set of S3-compatible credentials with the following command:
openstack ec2 credentials create
This will return an
Secret key that you can use to
environment variables (or whichever configuration options your
Your S3-compatible credentials are always scoped to your Cleura Cloud region and project. You cannot reuse an access and secret key across multiple regions or projects.
Also, your credentials are only “S3-compatible” in the sense that they use the same format as AWS S3 does. They are never valid against AWS S3 itself.
You can list any previously-created credentials with:
openstack ec2 credentials list
Configuring your S3 API client
Once you have obtained your S3-compatible access and secret key, you need to configure your S3 client with it.
How exactly you do that depends on your preferred client:
pip install awscli-plugin-endpoint
awsconfiguration file (normally
~/.aws/config), and add or modify the
[plugins] endpoint = awscli_plugin_endpoint
aws configure set \ --profile <region> \ aws_access_key_id <access-key> aws configure set \ --profile <region> \ aws_secret_access_key <secret-key> aws configure set \ --profile <region> \ s3.endpoint_url https://s3-<region>.citycloud.com:8080 aws configure set \ --profile <region> \ s3api.endpoint_url https://s3-<region>.citycloud.com:8080
Create a new alias, named after your Cleura Cloud region:
mc alias set <region> \ https://s3-<region>.citycloud.com:8080 \ <access-key> <secret-key>
s3cmd does not support configuration profiles, so you need to use
a separate configuration file for each Cleura Cloud region you
want to use:
s3cmd -c ~/.s3cfg-<region> --configure
- Set your
Secret Keywhen prompted.
DNS-style bucket+hostname:port template for accessing a bucketto
Use HTTPS protocolto
- Configure GnuPG encryption and your HTTP proxy server, if needed.
- Test access with your supplied credentials.
On subsequent invocations of the
s3cmd CLI, always add the
-c ~/.s3cfg-<region> option.
Create or edit the configuration file named
~/.rclone.conf, and insert a section named after your Cleura Cloud region.
That section should contain the following content:
[<region>] type = s3 provider = Ceph env_auth = false access_key_id = <access key id> secret_access_key = <secret key> endpoint = <region>.citycloud.com:8080 acl = private
If at any time you need to delete a set of AWS-compatible credentials, you can do so with the following command:
openstack ec2 credentials delete <access-key-id>
Deleting a set of S3-compatible credentials will immediately revoke access for any applications that were using it.