In order to use the S3 front-end protocol, first configure the Gateway as described in Gateway Configuration and then perform these additional steps:
- Verify that your Swarm storage configuration settings are correct, which is required for S3 clients to perform actions such as bucket deletion.
- Edit the
gateway.cfgfile for S3 use:- In the
[s3]section, enable the S3 front-end protocol. - In the
[storage_cluster]section, defineindexerHostsfor at least one indexer server.
- In the
- Create one or more authentication tokens for each S3 client.
When the S3 front-end protocol is in use, the Gateway must be able to query the Swarm Elasticsearch metadata index servers directly. If you have multiple metadata index servers, you can include as many as you wish in the indexerHosts parameter in order to spread the load across them and to provide fail-over in case one becomes unavailable.
The S3 protocol makes use of a shared secret key that is known to the client and the Gateway in order to provide request validation. The client creates an HMAC signature for every authenticated request and the Gateway must independently recreate the signature in order to validate the request. The AWS S3 access key and secret key is implemented with Gateway's token-based authentication.