Storage Authentication Information settings
In HULFT Cloud Storage Option Ver.8.5.1 or higher, you can use the individual settings or default settings of the object storage authentication information according to actual operations.
Specify the individual settings or default settings of the authentication information in the Storage Authentication Information.
The settings for the Storage Authentication Information to configure the individual settings or default settings are shown below.
-
When configuring the individual settings
You can configure the settings of the object storage authentication information for each transfer destination (individual settings) by registering values in the Storage Authentication Information in the Cloud Storage DB.
If you specify Storage Authentication Information ID in the Receive Storage Management Information or the Send Storage Management Information, the individual settings information registered for the ID is used.
-
When configuring the default settings
You can configure the settings that are used in common when the individual settings are not specified (default settings) by registering values in the default information for the Storage Authentication Information in the Cloud Storage DB.
If you do not specify Storage Authentication Information ID in the Receive Storage Management Information or the Send Storage Management Information, the default settings information is used.
For the Storage Authentication Information and the default information, you can register only the necessary fields instead of registering all of the fields.
If you do not register a value in the Storage Authentication Information, the value registered in the default information is used.
If you do not register a default value, the value in the downward-compatible settings is used.
The transfer-related information that can be set to the Storage Authentication Information or the default information is shown below.
|
Field Name |
Whether It Can Be Omitted |
|---|---|
|
Storage Authentication Information ID |
(*1) |
|
AWS Access Key |
✓ |
|
AWS Secret Access Key |
✓ |
|
Session Token |
✓ (*4) |
|
Enable IAM Role |
✓ (*2) |
|
Switch Role ARN |
✓ (*3) |
|
External ID |
✓ (*3) |
|
Role Session Name |
✓ (*3) |
|
✓ |
: |
Optional |
|
Blank |
: |
Mandatory |
|
*1 |
: |
In the default information, this field does not exist and cannot be set. |
|
*2 |
: |
You can set this field in HULFT Cloud Storage Option Ver.8.5.2 or higher. |
|
*3 |
: |
You can set this field in HULFT Cloud Storage Option Ver.8.5.4 or higher. |
|
*4 |
: |
You can set this field in HULFT Cloud Storage Option Ver.8.5.6 or higher. |
For details on the fields, refer to Utilities on Amazon S3.
For Amazon S3, for the details on how to get an access key, secret access key, and session token, refer to the respective documents provided by AWS.
When you set Enable IAM role to "Enabled (ON)" for the Storage Authentication Information on the Cloud Storage DB, the IAM role (instance profile authentication information) set on Amazon EC2 is used. For details on the authentication information on Amazon EC2, refer to the respective documents provided by AWS.
For usage examples of the utilities to configure the individual settings or default settings of authentication information, refer to the following:
-
Registering the object storage authentication information for each transfer destination (bucket)
-
Registering the object storage authentication information to use in common for file transfers
Priority of use for setting values
When you use Amazon S3, authentication that uses an AWS access key and AWS secret access key is called "Authenticate IAM user".
If you set the values for the aforementioned "Authenticate IAM user" and set the enabling of the IAM role to "Enabled", the values for "Authenticate IAM user" are prioritized and used.
Authentication that uses an AWS access key, AWS secret access key, and session token is called "Temporary security credential authentication".
If you set the values for "Temporary security credential authentication", it has priority over "Authenticate IAM user".
The priority of the fields is shown in the table below.
|
Priority |
Location of the Setting |
Field |
|---|---|---|
|
1 |
Storage Authentication Information |
AWS Access Key AWS Secret Access Key Session Token (*1) |
|
2 |
Default information for the Storage Authentication Information |
|
|
3 |
Environment variable |
|
|
4 |
Storage Authentication Information |
Enable IAM Role |
|
5 |
Default information for the Storage Authentication Information |
|
*1 |
: |
Settings for the "Storage Authentication Information" and the "default information for the Storage Authentication Information" |
Registering or deleting the Storage Authentication Information
For the Storage Authentication Information, check the settings by using the output command included in the HULFT Cloud Storage Option utilities, and then register or delete the content.
For details on the HULFT Cloud Storage Option utilities, refer to Utilities on Amazon S3.