...
Tip: add multiple profiles besides [default] that use different Swarm clusters or domains, then refer to one using aws --profile devswarm …. Unfortunately the domain, which must resolve to your Gateway S3 endpoint, must always be specified on the command line with --endpoint-url.
Increase the part size from the default 8MB (https://docs.aws.amazon.com/cli/latest/topic/s3-config.html#multipart-chunksize) to 100MB to improve read performance. The command below writes the setting to ~/.aws/config.
Code Block |
---|
aws configure set default.s3.multipart_chunksize 100MB |
This will show the buckets in your domain then list a bucket:
Code Block |
---|
aws s3api --endpoint-url http://mydomain.example.com:8090 list-buckets
aws s3api --endpoint-url http://mydomain.example.com:8090 list-objects --bucket mybucket |
The aws s3 syntax is slightly different from the aws s3api commands:
Code Block |
---|
aws s3 --endpoint-url http://mydomain.example.com:8090 ls
aws s3 --endpoint-url http://mydomain.example.com:8090 ls s3://mybucket |
Tip: use aws --debug to see full HTTP request and response details, including the request-id for searching cloudgateway_server.log. Long listings might require --cli-read-timeout 300. Internal error messages like this are expected and can be ignored:
botocore.exceptions.ConnectTimeoutError: Connect timeout on endpoint URL: "http://169.254.169.254/latest/meta-data/placement/availability-zone/"
The s3api subcommand provides most of the AWS S3 features. For example, these commands create a bucket with a locking and retention configuration. Note this feature requires the upcoming Gateway 7.6 release! An object is created, then locked with a “legal hold” that prevents that version from being deleted. Finally the lock is removed so the version can be deleted.
Code Block |
---|
aws s3api --endpoint-url http://mydomain.example.com:8090 create-bucket --bucket locker --object-lock-enabled-for-bucket
aws s3api --endpoint-url http://mydomain.example.com:8090 put-bucket-versioning --bucket locker --versioning-configuration Status=Enabled
aws --debug s3api --endpoint-url http://mydomain.example.com:8090 put-object-lock-configuration --bucket locker --object-lock-configuration '{ "ObjectLockEnabled": "Enabled", "Rule": { "DefaultRetention": { "Mode": "GOVERNANCE", "Days": 1, "Years": 0 } } }'
aws s3api --endpoint-url http://mydomain.example.com:8090 put-object --bucket locker --key incriminating.log
VERSION_ID=$(aws s3api --endpoint-url http://mydomain.example.com:8090 list-object-versions --bucket locker | jq -r '.Versions|map(select(.Key=="incriminating.log"))[0].VersionId')
aws s3api --endpoint-url http://mydomain.example.com:8090 put-object-legal-hold --bucket locker --key incriminating.log --version-id ${VERSION_ID} --legal-hold Status=ON
aws s3api --endpoint-url http://mydomain.example.com:8090 delete-object --bucket locker --key incriminating.log --version-id ${VERSION_ID} || echo "Good, expected failure"
aws s3api --endpoint-url http://mydomain.example.com:8090 put-object-legal-hold --bucket locker --key incriminating.log --version-id ${VERSION_ID} --legal-hold Status=OFF
aws s3api --endpoint-url http://mydomain.example.com:8090 delete-object --bucket locker --key incriminating.log --version-id ${VERSION_ID}
test $(aws s3api --endpoint-url http://mydomain.example.com:8090 list-object-versions --bucket locker | jq -r '.Versions|map(select(.Key=="incriminating.log"))|length') -eq 0 || echo "Expected zero objects" |
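The script above confirms the legal hold by attempting a delete, which would remove the version if the hold had not taken effect. The helpers below are an added example, not part of the original page or the Gateway product: they confirm the hold by reading it back and refuse to delete unless the status is OFF. They assume the Gateway answers get-object-legal-hold the way AWS S3 does; the function names are hypothetical and the endpoint is the page's sample value.

```shell
#!/bin/sh
# Added example: verify a legal hold without a destructive delete attempt.
# ENDPOINT defaults to the page's sample URL (placeholder, override as needed).
ENDPOINT="${ENDPOINT:-http://mydomain.example.com:8090}"

# Thin wrapper so every call carries the mandatory --endpoint-url.
s3api() {
  aws s3api --endpoint-url "$ENDPOINT" "$@"
}

# Print the legal-hold status of one object version: ON, OFF or UNKNOWN.
# UNKNOWN covers any error (hold never set, access denied, timeout),
# so callers can fail closed.
# Assumption: the Gateway supports get-object-legal-hold.
legal_hold_status() {
  lh_status=$(s3api get-object-legal-hold \
      --bucket "$1" --key "$2" --version-id "$3" \
      --query 'LegalHold.Status' --output text 2>/dev/null) || lh_status=UNKNOWN
  case "$lh_status" in
    ON|OFF) printf '%s\n' "$lh_status" ;;
    *)      printf 'UNKNOWN\n' ;;
  esac
}

# Turn the hold on, then read it back. Returns 0 only when the Gateway
# reports ON; 1 if the put failed; 2 if the put succeeded but the
# read-back is not ON.
hold_and_verify() {
  s3api put-object-legal-hold --bucket "$1" --key "$2" \
      --version-id "$3" --legal-hold Status=ON >/dev/null || return 1
  [ "$(legal_hold_status "$1" "$2" "$3")" = "ON" ] || return 2
  return 0
}

# Delete a version only when the hold is confirmed OFF. Returns 3 and
# never calls delete-object when the status is ON or UNKNOWN.
delete_if_released() {
  if [ "$(legal_hold_status "$1" "$2" "$3")" != "OFF" ]; then
    echo "refusing to delete $2 ($3): hold not confirmed OFF" >&2
    return 3
  fi
  s3api delete-object --bucket "$1" --key "$2" --version-id "$3"
}
```

Usage: hold_and_verify locker incriminating.log "$VERSION_ID" after the put-object step, and delete_if_released with the same arguments once the hold has been set to OFF.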