In this topic we will cover how to create and retrieve object storage access credentials for each supported cloud provider.


Overview 


A cloud provider storage or user account provides a unique namespace to store and access your data objects. Each cloud provider may have its own deployment requirements for security credentials; however, the premise behind authentication is similar in implementation, although terms may differ slightly between vendors.


In order to create your team's cloud, you first need to supply your preferred cloud provider's bucket or blob access keys and secret access keys, which grant the LucidLink client permission to read and write directly from the cloud provider's object store.


As we innovate our solution we will broaden and continuously update this list of qualified and supported cloud provider object stores. Please let us know via the forums should your preferred cloud provider not yet be represented, as this can help us prioritize our development efforts based on demand.


Amazon S3

1. Log in to your AWS Management Console

2. Within Services, select Security, Identity & Compliance and choose Identity and Access Management (IAM)

3. Once within IAM, navigate to Users (individual user access keys are recommended rather than root access keys, as users can be disabled or updated without affecting global account access)

4. Create a user or manage an existing one (in this topic we will add a user): select Add User

5. Provide a valid Username, check Programmatic access box and select Next: Permissions to continue.

6. Modify your permissions: assign the user an appropriate Access Policy (in this example we have chosen the built-in S3 policy AmazonS3FullAccess; CREATE BUCKET, PUT, GET, LIST, DELETE Bucket/Object permissions are required) and select Next: Review to continue.

7. Review and Create user

8. Once successful, save your user security credentials (Access key ID and Secret access key) in a safe place: select Download .csv, or Show to make them visible, and click Close once complete.

Specific IAM User to Bucket Policy:


{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:GetObject",
                "s3:ListBucket",
                "s3:DeleteObject"
            ],
            "Resource": [
                "arn:aws:s3:::<bucket-name>/*",
                "arn:aws:s3:::<bucket-name>"
            ]
        }
    ]
}


IAM User with Create Bucket included in Policy:


{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:GetObject",
                "s3:ListBucket",
                "s3:CreateBucket",
                "s3:DeleteObject"
            ],
            "Resource": [
                "*",
                "arn:aws:s3:::*/*"
            ]
        }
    ]
}
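
The two policies above differ in which required permissions they grant and in how many buckets they reach. The following check is an added example, not LucidLink or AWS code, and it reports both for a given bucket. The bucket name team-filespace and the function names are assumptions, and the evaluation is simplified: Deny statements, Condition blocks, NotAction and NotResource are not evaluated.

```python
import fnmatch
import json

# Permissions the page lists as required: CREATE BUCKET, PUT, GET, LIST, DELETE.
REQUIRED = ["s3:CreateBucket", "s3:PutObject", "s3:GetObject",
            "s3:ListBucket", "s3:DeleteObject"]
BUCKET_LEVEL = {"s3:CreateBucket", "s3:ListBucket"}  # act on the bucket ARN itself

def as_list(value):
    """IAM allows a single string wherever a list is accepted."""
    return value if isinstance(value, list) else [value]

def audit_policy(policy_json, bucket):
    """Return (missing, unscoped): required actions not granted on `bucket`,
    and granted actions whose Resource pattern also matches another bucket.
    Simplified: only Allow statements with Action/Resource are evaluated."""
    granted, unscoped = set(), set()
    for stmt in as_list(json.loads(policy_json)["Statement"]):
        if stmt.get("Effect") != "Allow" or "Action" not in stmt or "Resource" not in stmt:
            continue
        patterns = [p.lower() for p in as_list(stmt["Action"])]
        for action in REQUIRED:
            if not any(fnmatch.fnmatchcase(action.lower(), p) for p in patterns):
                continue
            suffix = "" if action in BUCKET_LEVEL else "/example-object"
            mine = f"arn:aws:s3:::{bucket}{suffix}"
            other = f"arn:aws:s3:::constructed-unrelated-bucket{suffix}"
            for resource in as_list(stmt["Resource"]):
                if fnmatch.fnmatchcase(mine, resource):
                    granted.add(action)
                    if fnmatch.fnmatchcase(other, resource):
                        unscoped.add(action)
    missing = [a for a in REQUIRED if a not in granted]
    return missing, sorted(unscoped)

# Constructed inputs: the page's two policies with a made-up bucket name.
ACTIONS = '"s3:PutObject", "s3:GetObject", "s3:ListBucket", "s3:DeleteObject"'
SCOPED = ('{"Version": "2012-10-17", "Statement": [{"Effect": "Allow", '
          '"Action": [' + ACTIONS + '], "Resource": ['
          '"arn:aws:s3:::team-filespace/*", "arn:aws:s3:::team-filespace"]}]}')
WILDCARD = ('{"Version": "2012-10-17", "Statement": [{"Effect": "Allow", '
            '"Action": [' + ACTIONS + ', "s3:CreateBucket"], '
            '"Resource": ["*", "arn:aws:s3:::*/*"]}]}')

if __name__ == "__main__":
    for name, doc in (("bucket-scoped", SCOPED), ("wildcard", WILDCARD)):
        missing, unscoped = audit_policy(doc, "team-filespace")
        print(f"{name}: missing={missing} unscoped={unscoped}")
```

The bucket-scoped policy comes back with s3:CreateBucket missing, so the bucket must already exist before the keys are supplied; the wildcard policy grants everything, but every action is flagged as reaching buckets other than the one named.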