Enabling client access from an S3 app
For S3 client apps to access the ONTAP S3 server, the ONTAP S3 administrator must provide configuration information to the S3 user.
The S3 client app must be capable of authenticating with the ONTAP S3 server using AWS Signature Version 4. Earlier signature versions are not supported by ONTAP S3.
The ONTAP S3 administrator must have created S3 users and granted them access permissions, as an individual users or as a group member, in the bucket policy or the object storage server policy.
The S3 client app must be capable of resolving the ONTAP S3 server name, which requires that ONTAP S3 administrator provide the S3 server name (FQDN) and IP addresses for the S3 server's LIFs.
To access an ONTAP S3 bucket, a user on the S3 client app enters information provided by the ONTAP S3 administrator.
Beginning with ONTAP 9.9.1, the ONTAP S3 server supports the following AWS client functionality:
- user-defined object metadata:
A set of key-value pairs can be assigned to objects as metadata when they are created using PUT (or POST). When a GET/HEAD operation is performed on the object, the user-defined metadata is returned along with the system metadata.
NoteTo enable clients to get and put tagging information, the actionsGetObjectTagging, PutObjectTagging, and DeleteObjectTagging need to be allowed using the bucket or group policies. - object tagging:
A separate set of key-value pairs can be assigned as tags for categorizing objects. Unlike metadata, tags are created and read with REST APIs independently of the object, and they implemented when objects are created or any time after. Tags can also be used in condition policy statements for bucket and user policies.
For more information, see the AWS S3 documentation.