List of fields in the Storage Authentication Information (Amazon S3)

The fields in the input and output files of the Storage Authentication Information for Amazon S3 are shown below.

Field list

Table 7.6 Fields in the Storage Authentication Information

Field Name

Key

Value Format

Remarks

Array of records in the Storage Authentication Information

auth_info

array

 

ID

id

string

3 to 63 bytes

AWS Access Key

access_key

string

1 to 255 bytes

AWS Secret Access Key

secret_access_key

string

1 to 255 bytes

Session Token

session_token

string

1 to 2048 bytes

Enable IAM Role

enable_iam_role

boolean

 

Switch Role ARN

switch_role_arn

string

2 to 2048 bytes

External ID

external_id

string

2 to 2048 bytes

Role Session Name

role_session_name

string

2 to 255 bytes

 

Explanation of each field

Note

  • When you import the management information, if you specify Enable IAM Role, you cannot specify AWS Access Key, AWS Secret Access Key, and Session Token.

    For details on the priority of use for "Authenticate IAM user" that uses an AWS access key and AWS secret access key and "Enable IAM role", refer to Storage Authentication Information settings.

    For details on the priority of use for "Temporary security credential authentication" that uses an AWS access key, AWS secret access key, and session token, and "Enable IAM role", refer to Storage Authentication Information settings.

  • When you import the management information, you must specify Switch Role ARN, External ID, and Role Session Name all at the same time.

    You cannot specify each value separately.

  • When you import the management information, if you specify Session Token, you must specify the following values at the same time:

    • AWS Access Key

    • AWS Secret Access Key

Array of records in the Storage Authentication Information (auth_info)

Array of records in the Storage Authentication Information (mandatory)

This is the array of records in the Storage Authentication Information.

In this array, specify the fields in the Storage Authentication Information with a record for each ID.

ID (id)

ID (mandatory)

This field indicates the Storage Authentication Information ID.

Specify from 3 to 63 bytes of ASCII printable characters.

If you include single-byte spaces, "/", or "*", an error occurs.

AWS Access Key (access_key)

AWS access key (optional)

This field indicates the access key in order to connect to Amazon Web Service that is associated with the AWS user who performs the upload or download.

When you import the management information, specify from 1 to 255 bytes of ASCII printable characters.

When you omit specification of this option, the value "Use the default value." is set. In this case, the value set in the default information is used during transfer.

When you export the management information, this value is output if it is registered.

If the value is not registered, nothing is output.

AWS Secret Access Key (secret_access_key)

AWS secret access key (optional)

This field indicates the secret key (password) associated with the access key in order to connect to Amazon Web Service.

When you import the management information, specify from 1 to 255 bytes of ASCII printable characters.

When you omit specification of this option, the value "Use the default value." is set. In this case, the value set in the default information is used during transfer.

When you export the management information, this value is output if it is registered.

If the value is not registered, nothing is output.

Session Token (session_token)

Session token (optional)

This parameter specifies the session token used with temporary security credentials in order to connect to Amazon Web Service.

When you import the management information, specify from 1 to 2048 bytes of ASCII printable characters.

If you specify "none", the session token is disabled.

When you omit specification of this option, the value "Use the default value." is set. In this case, the value set in the default information is used during transfer.

When you export the management information, this value is output if it is registered.

If the value is not registered, nothing is output.

Enable IAM Role (enable_iam_role)

Enable IAM role (optional)

If HULFT and HULFT Cloud Storage Option have been installed on Amazon EC2, this field indicates whether to enable authentication with an IAM role attached to Amazon EC2.

When you import the management information, specify "true" if you want to enable the IAM role. In this case, the authentication information for the IAM role attached to Amazon EC2 is used.

When you omit specification of this option, the value "Use the default value." is set. In this case, the value set in the default information is used during transfer.

When you export the management information, this value is output if it is registered.

If the value is not registered, nothing is output.

= Remarks =

If HULFT and HULFT Cloud Storage Option have been installed in an environment other than Amazon EC2, transfer results in an error if you enable the IAM role.

Switch Role ARN (switch_role_arn)

Switch role ARN (optional)

This field indicates the Amazon Resource Name (ARN) of the IAM role to switch to.

When you import the management information, specify from 2 to 2048 bytes of ASCII printable characters.

If you specify "none", the switch role ARN is disabled and switching IAM roles is not performed.

When you omit specification of this option, the value "Use the default value." is set. In this case, the value set in the default information is used during transfer.

When you export the management information, this value is output if it is registered.

If the value is not registered, nothing is output.

External ID (external_id)

External ID (optional)

This is the external ID that is used when IAM roles are switched.

When you import the management information, specify from 2 to 2048 bytes of ASCII printable characters.

If you specify "none", the external ID is disabled.

When you omit specification of this option, the value "Use the default value." is set. In this case, the value set in the default information is used during transfer.

When you export the management information, this value is output if it is registered.

If the value is not registered, nothing is output.

Role Session Name (role_session_name)

Role session name (optional)

This field indicates the role session name that is used when IAM roles are switched.

When you import the management information, specify from 2 to 255 bytes of ASCII printable characters.

If you specify "none", the role session name is disabled and either of the following fixed values is used during transfer:

  • For upload: HULFT-S3-Upload

  • For download: HULFT-S3-Download

When you omit specification of this option, the value "Use the default value." is set. In this case, the value set in the default information is used during transfer.

When you export the management information, this value is output if it is registered.

If the value is not registered, nothing is output.