Settings for using Amazon S3

Access permissions for buckets and objects

Grant the permissions for buckets and objects to users that upload objects to Amazon S3 or download objects from Amazon S3.

Use IAM, ACL, or bucket policy to grant the permissions shown in the table below. For details on how to grant permissions, refer to the respective documents provided by AWS.

When using the upload function, the required permissions differ according to whether "New Creation" or "Replace" is specified for Registration Mode in the Receive Management Information.

Table 3.1 Required permissions for object upload

| Registration Mode (Receive Management Information) | IAM: Bucket | IAM: Object | ACL: Bucket | ACL: Object | Bucket Policy: Bucket | Bucket Policy: Object |
|---|---|---|---|---|---|---|
| New Creation | ListBucket | PutObject | (None) | List objects, Write objects | ListBucket | PutObject |
| Replace | (None) | PutObject | (None) | Write objects | (None) | PutObject |

Table 3.2 Required permissions for object download

| IAM: Bucket | IAM: Object | ACL: Bucket | ACL: Object | Bucket Policy: Bucket | Bucket Policy: Object |
|---|---|---|---|---|---|
| ListBucket (*1) | GetObject | (None) | Read objects | (None) | GetObject |

*1: When the object does not exist, an error occurs. Also, when ListBucket permissions are not granted to the bucket, a permissions error occurs. To prevent permissions errors, we recommend that you grant ListBucket permissions to the bucket.

To cancel the transfer, the permissions below are required in addition to the permissions above.

Table 3.3 Required permissions to cancel transfers

| IAM: Bucket | IAM: Object | ACL: Bucket | ACL: Object | Bucket Policy: Bucket | Bucket Policy: Object |
|---|---|---|---|---|---|
| (None) | AbortMultipartUpload | (None) | (None) | (None) | AbortMultipartUpload |
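
The following added example (not part of the HULFT documentation) shows one way to turn the IAM columns of Tables 3.1 to 3.3 into a least-privilege IAM policy, with bucket-level actions scoped to the bucket ARN and object-level actions scoped to the objects in it. The function name, the operation keys, and the bucket name are assumptions made for illustration.

```python
import json

# IAM columns of Tables 3.1-3.3: (bucket-level actions, object-level actions).
# The operation keys are hypothetical labels chosen for this example.
IAM_PERMISSIONS = {
    "upload_new_creation": (["ListBucket"], ["PutObject"]),
    "upload_replace": ([], ["PutObject"]),
    "download": (["ListBucket"], ["GetObject"]),  # ListBucket per note *1
    "cancel": ([], ["AbortMultipartUpload"]),
}


def build_policy(bucket, operations):
    """Return an IAM policy granting only what the listed operations need."""
    bucket_actions, object_actions = set(), set()
    for op in operations:
        on_bucket, on_object = IAM_PERMISSIONS[op]  # KeyError if op is unknown
        bucket_actions.update(on_bucket)
        object_actions.update(on_object)

    statements = []
    if bucket_actions:
        # Bucket-level actions must target the bucket ARN itself.
        statements.append({
            "Sid": "BucketLevel",
            "Effect": "Allow",
            "Action": sorted("s3:" + a for a in bucket_actions),
            "Resource": f"arn:aws:s3:::{bucket}",
        })
    if object_actions:
        # Object-level actions must target the object ARNs (bucket/*).
        statements.append({
            "Sid": "ObjectLevel",
            "Effect": "Allow",
            "Action": sorted("s3:" + a for a in object_actions),
            "Resource": f"arn:aws:s3:::{bucket}/*",
        })
    return {"Version": "2012-10-17", "Statement": statements}


if __name__ == "__main__":
    # Constructed sample: the bucket name is a placeholder.
    policy = build_policy("example-hulft-bucket",
                          ["upload_new_creation", "cancel"])
    print(json.dumps(policy, indent=2))
```

Pass only the operations the host actually performs, so that a receive-only host, for example, is not also granted GetObject.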

Settings to access AWS

Specify the system environment variables for the OSs of the receiving-side host and the sending-side host so that the HULFT Cloud Storage Option plug-in can access AWS.

Table 3.4 Environment variables for using AWS

| Environment Variable Name | Description |
|---|---|
| AWS_ACCESS_KEY_ID | Access key of the AWS user who performs the upload |
| AWS_SECRET_ACCESS_KEY | Secret key (password) for the access key |
| AWS_DEFAULT_REGION | Region to send the upload to |

Specifying the environment variables below may cause HULFT Cloud Storage Option to operate improperly. For this reason, do not set the following environment variables:

  • AWS_SESSION_TOKEN

  • AWS_CA_BUNDLE

  • SSL_CERT_FILE

  • SSL_CERT_DIR

For details on the regions supported for the AWS default region, refer to "Regions for which operation of Amazon S3 has been verified".

For details on how to configure the settings, refer to the following:

For HULFT8 for Windows:

Access authentication settings for object storage (Windows)

For HULFT8 for Linux:

Access authentication settings for object storage (Linux)