Skip to end of banner
Go to start of banner

pshell and S3 remotes

Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 13 Next »

This page is specific to S3 remote types (eg acacia and AWS) it does not apply to the more specialised banksia service.

If you need more sophisticated policies and lifecycles, you can use the generated ones shown here as a starting point but will have to use awscli to add any customisations.

Setup

An acacia project can be added to your list of pshell remotes by using an arbitrary remote name (eg project123) and supplying the access/secret pair after you select the remote and login. An example is given below:

pshell:/> remote add project123 s3 https://projects.pawsey.org.au
pshell:/> remote project123
 
project123:/>login
Access: xyz
Secret: ***

Info

The info command on a bucket.

Policies

Simple S3 policies can also be automatically created for you, noting that:

  1. Policies are attached to buckets and are a list of statements about actions allowed or denied for that bucket only.
  2. Policies override the default project permissions so care should be taken not to lock yourself out of the bucket.
  3. Any DENY in a policy statement counts as a negative permission overall for that action, even if there is also an ALLOW elsewhere.
  4. Policies only grant visibility of objects in a bucket, not visibility of the bucket itself.


 Examples...

Example1 - give a list of Pawsey usernames (user1, user2, user3, and user4) readonly access to a project bucket called p0002-sfx.

Note: if a user (eg user1) attempts to list buckets they will see nothing. However, if they attempt to list objects inside the bucket it will show the objects inside p0002-sfx/ - see Note 4.

pawsey0002:/>policy p0002-sfx +r user1,user2,user3,user4
Setting bucket=p0002-sfx, perm=+r, for user(s)='user1,user2,user3,user4' 

Example 2 - revoke user3 from having read access to the bucket.

pawsey0002:/>policy p0002-sfx -r user3
Setting bucket=p0002-sfx, perm=-r, for user(s)='user3'

Example 3 -  grant read and write permission on a bucket.

pawsey0002:/>policy p0002-sfx +rw user1
Setting bucket=p0002-sfx, perm=+rw, for user(s)='user1'

Example 4 - make the objects in p0002-sfx readonly and publicly accessible.

pawsey0002:/>policy p0002-sfx +r *
Setting bucket=p0002-sfx, perm=+r, for user(s)=None

Example 5 - remove all policies on a bucket.

pawsey0002:/>policy p0002-sfx -
Deleting all policies on bucket=p0002-sfx




Example 6

This will make the objects in p0002-sfx readonly and publicly accessible.

Lifecycles

Simple S3 bucket lifecycles can also be automatically created for you affecting multi-part uploads and versioning.

Remember to use the pshell command "info mybucket" to check if there are any current lifecycle rules as you may overwrite them with the following examples.


 Examples...

Example 1 - a basic bucket lifecycle that cleans up failed multi-part uploads after 7 days.

pshell> lifecycle mybucket +m 7


Example 2 - a basic bucket lifecycle that turns on versioning and deletes expired non-current objects after 30 days.

pshell> lifecycle mybucket +v 30
  • No labels