S3 Credential Management

Object Mount can connect to Storj’s Distributed Cloud Storage offering as well as other major S3-compatible cloud storage providers.

You will need to create and/or obtain credentials from your S3 provider, and then configure Object Mount to use those credentials.

Note: API access may also need to be enabled for some 3rd-party S3 providers. Consult your storage solution’s documentation to learn how to enable API access.

Obtaining Your S3 Credentials

You will need to obtain the following three items from your storage provider:

| Variable | Description |
| --- | --- |
| Access Key ID | Example: j4SQYkDxxxxxxxxxxsaSRYAahZgh |
| Access Key Secret | Example: vMxJBmUxxxxxxxxxxxxxxxxxxxxxxxxxK4kKvwJnw8PwKpj4PmNvL |
| Endpoint | An accessible IP address or domain/subdomain/host to use as an endpoint. Example: https://gateway.storjshare.io |

Credential Requirements

The credentials you obtain need to have sufficient permissions in order for Object Mount to discover, read, write, and manage your data, including the permission to list buckets.

If this is not possible (or desired), you can use cuno creds pair options. See the Pairing Containers and Credentials section in the Linux Advanced Configuration Guide article: Advanced Credential Options.

For instructions on how to create and/or obtain your S3 storage credentials, select the tab below that corresponds to your S3 provider:

Amazon Web Services

AWS EC2 with IAM:

If you are accessing S3 buckets through an Amazon AWS EC2 instance configured with an IAM role, no further configuration is needed and Object Mount will automatically authenticate using the AWS-managed configuration.

Using Existing Credentials:

You will need the Access Key ID and Access Key Secret for an AWS IAM user with permission to access your S3 buckets. These credentials would need to have been saved when the IAM user was first created.

Creating New Credentials:

Alternatively, create a new IAM user with “programmatic access” (access using keys), by following the AWS User Guide: Creating an IAM user in your AWS account.

The steps should be similar to the following:

  1. Log into the AWS S3 Console: https://s3.console.aws.amazon.com

  2. Navigate to: Services > IAM

  3. Open Users and click on the Add user button

     1. Set a username
     2. Select the Programmatic access option
     3. Click on Next

  4. On the Set Permissions page:

     1. Select Attach existing policies directly
     2. Select an existing policy, e.g.: AmazonS3ReadOnlyAccess or AmazonS3FullAccess
     3. or Create a new policy that has the s3:ListAllMyBuckets permission and at least the s3:ListBucket and s3:GetObject permissions for each bucket available to the user
     4. Click Next

  5. Review and confirm to create the new user

  6. Download the CSV file by pressing the corresponding button
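
The custom-policy option on the Set Permissions page, written out as an added example (not from the Object Mount documentation): a shell function that emits the minimum read-only policy document for the buckets you name. The function name and the bucket names in the usage comment are hypothetical.

```shell
#!/bin/sh
# Added example; make_readonly_policy is a hypothetical helper name.
# usage: make_readonly_policy my-bucket other-bucket > policy.json
#
# s3:ListAllMyBuckets is account-wide, so its Resource is "*".
# s3:ListBucket applies to the bucket ARN, s3:GetObject to the objects
# inside it (bucket ARN followed by /*); mixing these up is a common
# reason a policy silently grants nothing.
make_readonly_policy() {
    [ "$#" -gt 0 ] || { echo "usage: make_readonly_policy <bucket>..." >&2; return 1; }
    bucket_arns=
    object_arns=
    for b in "$@"; do
        # Accept only lowercase letters, digits, dots and hyphens, 3-63 chars.
        # This also keeps quotes and wildcards out of the generated JSON.
        case $b in
            *[!a-z0-9.-]*) echo "invalid bucket name: $b" >&2; return 2 ;;
        esac
        if [ "${#b}" -lt 3 ] || [ "${#b}" -gt 63 ]; then
            echo "invalid bucket name length: $b" >&2; return 2
        fi
        bucket_arns="${bucket_arns}${bucket_arns:+, }\"arn:aws:s3:::${b}\""
        object_arns="${object_arns}${object_arns:+, }\"arn:aws:s3:::${b}/*\""
    done
    cat <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    { "Effect": "Allow", "Action": "s3:ListAllMyBuckets", "Resource": "*" },
    { "Effect": "Allow", "Action": "s3:ListBucket", "Resource": [${bucket_arns}] },
    { "Effect": "Allow", "Action": "s3:GetObject", "Resource": [${object_arns}] }
  ]
}
EOF
}
```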

Using & Saving Your S3 Credentials

Depending on your S3 storage platform, you may only be able to see, copy, and save your access credentials at the time you create them. (For increased security, some platforms prevent the display of previously generated credentials.)

Therefore, be sure to copy and record your Access Key ID and Access Key Secret at the time you create them.

Entering Credentials: Object Mount for macOS and Windows

When activating Object Mount in macOS and Windows, you will need to copy/paste these keys into Object Mount’s graphical interface.

Entering Credentials: Object Mount for Linux

When activating Object Mount for Linux, you can copy/paste your credentials, or you can import them from a previously saved text file.

See below for instructions (and the syntax required) to save your credentials to a text file to be used for import.

Saving Credentials as a File

A text file can be used to import your S3 credentials when activating a mount in Object Mount for Linux.

Credential files are plain-text and must comply with the proper format defined for your specific cloud provider.

Select your S3 storage provider below for details on syntax and variable naming:

Amazon Web Services

There are two equivalent formats for AWS S3 credential files. Use either one:

Format 1:

aws_access_key_id = <access_key_id>
aws_secret_access_key = <secret_access_key>
region = <region>

Format 2:

AWSAccessKeyId = <access_key_id>
AWSSecretKey = <secret_access_key>
region = <region>

region is optional.

Object Mount can also use an AWS S3 Access Point instead of a container.

For more details, see the AWS S3 Access Point Support section in the User Guide article: Cloud Path Details.

See the Advanced Guide article Advanced Credential Options for additional credential options and endpoint formatting details.

Securing Your S3 Credentials

You can use any text editor to create the credential file — just remember to change the permissions on the file when you’re done to prevent other users from accessing this sensitive file:

$ chmod 0600 "<path to your credentials file>"

Time Saving Tip

You can combine the creation of the file and securing permissions on the file in a single shell command (insert your credential details):

$ touch credentials.txt ; chmod 0600 credentials.txt ; printf "aws_access_key_id = xxxxxxxxxxxxxxxxxx \naws_secret_access_key = xxxxxxxxxxxxxxxxx \nendpoint=A.B.C.D:PORT" > credentials.txt
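
An added example (not from the Object Mount documentation) that builds on the commands above: it sets the file to 0600 before any secret is written, reads the secret from standard input so it stays out of shell history, and audits an existing file's mode and fields. The function names are hypothetical, and `stat -c` assumes GNU coreutils on Linux.

```shell
#!/bin/sh
# Added example, not part of the Object Mount docs; function names are hypothetical.

# write_cred_file <path> <access_key_id>   (secret is read from stdin)
# The file is truncated and set to 0600 before the secret is appended, so the
# secret never sits in a group/world-readable file, even if the path already
# existed with looser permissions.
write_cred_file() {
    path=$1; key_id=$2
    IFS= read -r secret || :
    [ -n "$key_id" ] && [ -n "$secret" ] || { echo "missing key id or secret" >&2; return 1; }
    (
        umask 077
        : > "$path" && chmod 0600 "$path" &&
        printf 'aws_access_key_id = %s\naws_secret_access_key = %s\n' \
            "$key_id" "$secret" >> "$path"
    )
}

# audit_cred_file <path>
# Returns 0 if OK, 1 if not a regular file, 2 if group/other have any access,
# 3 if either key field is missing (both spellings from this page accepted).
audit_cred_file() {
    path=$1
    if [ -L "$path" ] || [ ! -f "$path" ]; then
        echo "not a regular file: $path" >&2; return 1
    fi
    mode=$(stat -c '%a' "$path") || return 1    # GNU stat (assumes Linux)
    case $mode in
        *00|0) ;;                               # e.g. 600 or 400
        *) echo "mode $mode is too open; run: chmod 0600 \"$path\"" >&2; return 2 ;;
    esac
    sp='[[:space:]]*'
    grep -Eq "^${sp}(aws_access_key_id|AWSAccessKeyId)${sp}=${sp}[^[:space:]]" "$path" &&
    grep -Eq "^${sp}(aws_secret_access_key|AWSSecretKey)${sp}=${sp}[^[:space:]]" "$path" ||
        { echo "access key id or secret missing in $path" >&2; return 3; }
}
```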

See the Advanced Guide article Advanced Credential Options for additional credential options.
