Archive Pool requires a user-managed Amazon S3 bucket to store the synchronized files.


Supported in Plans:

  • CloudNAS Business
  • CloudNAS Enterprise


Note: If you do not have an Amazon S3 account, visit Amazon S3 Getting Started to create an account.


In order to use Amazon, you will need the following information from your S3 account:

  • Bucket Name
  • Access Key ID
  • Secret Access Key
     

Bucket Name

Specify a bucket to be used as the data object store. You can find the information about your buckets in the S3 console.

Note: If you do not have a bucket, please create one by clicking "Create a Bucket" in the S3 console. For more information, please refer to the page Create a Bucket.


Access Key ID

Obtain the Key ID from the user you want to use to access the S3 bucket. To find the Key ID:

  • Select IAM from the list of AWS services. 
  • Click the "Users" item in the navigation menu
  • Choose the user you want to use to connect to the S3 bucket
  • Click on the tab "Security credentials"
  • Find the Key ID in the Access Key ID column.


If you do not have an Access Key ID, then you can generate a new Access Key ID and Secret Access Key.


Secret Access Key

If you do not have your access key or your access key is lost, then you cannot obtain the key from the system. You must generate a new Access Key ID and Secret Access Key pair. For more information on how to create a new key, please refer to the page Managing Access Keys for your AWS Account.


Permissions

You must specify the following permissions:


  • For the bucket:
    • s3:ListBucket
    • s3:GetBucketLocation
  • Put, get, and delete object permissions in the bucket:
    • s3:GetObject
    • s3:DeleteObject
    • s3:PutObject
    • s3:ListMultipartUploadParts
    • s3:AbortMultipartUpload
  • Get federation token permission (sts):
    • sts:GetFederationToken


To set the permissions, go to the "Permissions" tab in the "Users" page.


Permissions tab


Specify the following JSON code in the policy field.


You can copy and paste the code from below:


{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "bucketSid",
            "Effect": "Allow",
            "Action": [
                "s3:ListBucket",
                "s3:GetBucketLocation"
            ],
            "Resource": [
                "{bucket ARN}"
            ]
        },
        {
            "Sid": "objectSid",
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:GetObject",
                "s3:DeleteObject",
                "s3:ListMultipartUploadParts",
                "s3:AbortMultipartUpload"
            ],
            "Resource": [
                "{bucket ARN}/*"
            ]
        },
        {
            "Sid": "kmsSid",
            "Effect": "Allow",
            "Action": [
                "kms:Decrypt",
                "kms:GenerateDataKey"
            ],
            "Resource": [
                "{kms key ARN}"
            ]
        },
        {
            "Sid": "stsSid",
            "Effect": "Allow",
            "Action": "sts:GetFederationToken",
            "Resource": "*"
        }
    ]
}


Specify the values for:

  • bucketSid
  • objectSid
  • kmsSid
  • stsSid

Update the values for "bucketName" to the name of the bucket in your S3 account.

For example, if your bucket name is "my-amazon-s3-bucket", your permission code will look like this.


Server Side Encryption

If you use the AWS-KMS encryption option, add the following permissions:


{
    "Sid": "kmsSid",
    "Effect": "Allow",
    "Action": [
        "kms:Decrypt",
        "kms:GenerateDataKey"
    ],
    "Resource": [
        "{kms key ARN}"
    ]
}
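
The policy from the Permissions section with its placeholders filled in for the bucket name "my-amazon-s3-bucket", together with a check that a policy grants nothing broader than this page lists. This is an added example, not Morro Data's code: `build_policy` and `audit_policy` are hypothetical helper names, the kmsSid statement is emitted only when a KMS key ARN is passed, and the standard `aws` ARN partition is assumed.

```python
import json

# Actions and scoping are those of the policy shown on this page.
BUCKET_ACTIONS = {"s3:ListBucket", "s3:GetBucketLocation"}
OBJECT_ACTIONS = {"s3:PutObject", "s3:GetObject", "s3:DeleteObject",
                  "s3:ListMultipartUploadParts", "s3:AbortMultipartUpload"}
KMS_ACTIONS = {"kms:Decrypt", "kms:GenerateDataKey"}
STS_ACTION = "sts:GetFederationToken"

def build_policy(bucket_name, kms_key_arn=None):
    """Fill the page's placeholders; add kmsSid only when a KMS key is given."""
    arn = f"arn:aws:s3:::{bucket_name}"  # bucket ARN, "aws" partition assumed
    stmts = [
        {"Sid": "bucketSid", "Effect": "Allow",
         "Action": sorted(BUCKET_ACTIONS), "Resource": [arn]},
        {"Sid": "objectSid", "Effect": "Allow",
         "Action": sorted(OBJECT_ACTIONS), "Resource": [arn + "/*"]},
    ]
    if kms_key_arn:
        stmts.append({"Sid": "kmsSid", "Effect": "Allow",
                      "Action": sorted(KMS_ACTIONS), "Resource": [kms_key_arn]})
    stmts.append({"Sid": "stsSid", "Effect": "Allow",
                  "Action": STS_ACTION, "Resource": "*"})
    return {"Version": "2012-10-17", "Statement": stmts}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def audit_policy(policy, bucket_name):
    """Return one finding per (action, resource) pair broader than the page's policy."""
    arn = f"arn:aws:s3:::{bucket_name}"
    findings = []
    for st in policy["Statement"]:
        if st.get("Effect") != "Allow":
            continue
        for action in _as_list(st["Action"]):
            for res in _as_list(st["Resource"]):
                if action in BUCKET_ACTIONS:
                    ok = res == arn                    # the bucket itself, nothing else
                elif action in OBJECT_ACTIONS:
                    ok = res.startswith(arn + "/")     # objects in this bucket only
                elif action in KMS_ACTIONS:
                    ok = res.startswith("arn:aws:kms:") and "*" not in res
                else:
                    ok = action == STS_ACTION          # the page grants this on "*"
                if not ok:
                    findings.append(f"{st.get('Sid', '?')}: {action} on {res}")
    return findings

if __name__ == "__main__":
    print(json.dumps(build_policy("my-amazon-s3-bucket"), indent=4))
```

Running `audit_policy` on a policy pasted with the `{bucket ARN}` or `{kms key ARN}` placeholders still in place reports every affected action, which catches the most common copy-and-paste mistake before the policy is saved.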

 

Regions

Admins do not need to provide the region in which their bucket is located. The region is determined automatically from the Bucket Name, Key ID, and Application Key.


Using Amazon S3


Add Cloud Storage Panel


Cloud Object Storage


Complete the following steps to add the Cloud Storage Gateway:

  1. Choose the storage type "Your Object Storage for Archive".
  2. Choose the Provider: Amazon S3.
  3. Enter a Name
  4. Enter the S3 account information      
    • Bucket Name
    • Key ID
    • Secret Key


Step 1. Choose your storage type

Choose the object store. To use Archive share, choose "Your Object Storage for Archive".


Step 2. Choose your provider

Choose the icon for Amazon S3 from the list of providers.


Step 3. Enter a Name

Choose a name for your Cloud Storage Group and enter it in the Name field. The name is used to identify the cloud storage group in your system.


Step 4. Enter your S3 account information

Enter the Bucket Name, Key ID, and Secret Key for your account. The three pieces of information tell Morro Data which S3 bucket to use to store the files managed in this cloud storage group.


Click CREATE to complete the process.


Once the Cloud Storage Group is created, you can create pools and shares within that cloud storage group. For more information on creating pools and shares, refer to the article File System - Create Pool and Share.




Notes on Features

Account Permissions

If any changes to the permissions of the S3 account are made, an email will be sent to the Morro account administrators. Changes to permissions may cause an interruption in service.