Skip to content

User Authentication

Introduction

Authentication and access control in Switch Cloud S3 ensure that only authorized users can access and manage data. This section covers configuring user access to Switch Cloud S3 service through the AWS CLI and Rclone, along with examples.

Prerequisites

  • Obtain S3 access keys through Switch Cloud Portal. Remember that each project has it's own unique keys.
  • One of the S3 compatible CLI clients.

Tool Configuration

There are two options to configure your AWS CLI client with credentials obtained from Switch Cloud Portal to your SCS3 project:

  1. AWS Configuration File

    By default AWS CLI uses a the $HOME/.aws/credentials configuration file. In this file you can create a profile with credentials. See the content of the example configuration file below.

    [my_s3_project_name]
endpoint_url = <endpoint_url_obtained_from_the_Switch_Cloud_Portal>
region = ch
aws_access_key_id = <your_s3_access_key_id_obtained_from_the_Switch_Cloud_Portal>
aws_secret_access_key = <your_s3_secret_access_key_obtained_from_the_Switch_Cloud_Portal>

    After creating a profile you will be able to perform actions on your SCS3 bucket using the --profile flag in your CLI commands.

    For example you may use the created profile my_s3_project_name in order to create a new bucket:

    aws --profile my_s3_project_name s3 mb s3://<your_bucket_name>

    You may also set an environment variable to skip the --profile flag:

    export AWS_PROFILE=my_s3_project_name

    Then you may directly do: 

    aws s3 mb s3://<your_bucket_name>

  2. Environment Variables

    Set the environment variables with credentials to your SCS3 project.

    export AWS_ENDPOINT_URL=<endpoint url obtained from the Switch Cloud Portal>
export AWS_REGION=ch
export AWS_ACCESS_KEY_ID=<your s3 access key id obtained from the Switch Cloud Portal>
export AWS_SECRET_ACCESS_KEY=<your s3 secret access key obtained from the Switch Cloud Portal>

    When configuration is set via environment variables, you can drop --profile flag in your CLI commands.

    Example:

    aws s3 mb s3://<your_bucket_name>

By default Rclone uses the $HOME/.config/rclone/rclone.conf configuration file. In this file you can create a profile with credentials which is similar to the AWS configuration. See the content of the example configuration file below.

[<s3_profile>]
type = s3
provider = Ceph
endpoint = <endpoint_url_obtained_from_the_Switch_Cloud_Portal>
access_key_id = <your_s3_access_key_id_obtained_from_the_Switch_Cloud_Portal>
secret_access_key = <your_s3_secret_access_key_obtained_from_the_Switch_Cloud_Portal>

Example CLI command:

rclone mkdir <s3_profile>:<your_bucket_name>