Version: Next

Cloud Connections in StorageLink

Overview

A Cloud Connection defines the settings a folder needs in order to connect to a cloud storage location.

In order to use a Cloud Connection, you will need to map it to a Folder. A Folder can be used as a logical mapping, similar to a mount point.

A Cloud Connection includes the settings for the cloud provider, as shown below:

  • S3 bucket name
  • Prefix or relative path within that bucket
  • The region in which the bucket is located
  • Encryption type for the server-side encryption on the bucket
  • Whether you want to use the EC2 instance profile or an AWS access key/secret

Here is an example of a Cloud Connection:

  • S3 Bucket: s3://bryce-sandbox
  • S3 Encryption Option: SSE-S3
  • Cloud Connection Credentials: Uses Instance Profile credentials

    When creating a Cloud Connection to S3, you will need to fill out the following fields:

    S3 URL:

    Enter the S3 Bucket name. Remember to follow the standard S3 Bucket naming convention:

  • Has to be globally unique (cannot conflict with S3 buckets in other AWS accounts)
  • Lowercase letters (no uppercase allowed), numbers, and hyphens
  • Must have fewer than 63 characters

    Region:

    The AWS region in which the S3 Bucket is located. If left blank the region of the StorageLink server will be used.


    S3 Encryption Option:

    S3 objects are encrypted at the time of upload. The encryption method you define on the Cloud Connection will apply to all subsequently uploaded S3 objects.

  • SSE-S3: The S3 service manages encryption behind the scenes. S3 objects are encrypted at rest, and the S3 service automatically decrypts the object so long as you have read-access.
  • KMS: KMS encryption offers more security value, because KMS key permissions are decoupled from S3 access permissions.
  • No Encryption: Do not override encryption settings, so that objects are encrypted using the S3 bucket's default encryption setting.
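To make the three options concrete, the following added example (not StorageLink code) resolves which server-side encryption applies to an object uploaded through a Cloud Connection. The function names and the mapping of each option to an S3 `x-amz-server-side-encryption` value are assumptions, and the sample response is constructed in the shape returned by the S3 GetBucketEncryption API.

```python
import re
from urllib.parse import urlparse

# Bucket naming rules as listed on this page: lowercase letters, numbers,
# hyphens, fewer than 63 characters. Global uniqueness is checked by AWS only.
BUCKET_RE = re.compile(r"[a-z0-9-]{1,62}")

# Assumed mapping from the S3 Encryption Option to the
# x-amz-server-side-encryption value sent on upload (None = header omitted).
OPTION_TO_SSE = {"SSE-S3": "AES256", "KMS": "aws:kms", "No Encryption": None}

def parse_s3_url(url):
    """Split s3://bucket/prefix into (bucket, prefix); reject bad bucket names."""
    parsed = urlparse(url)
    if parsed.scheme != "s3" or not BUCKET_RE.fullmatch(parsed.netloc):
        raise ValueError(f"not a valid S3 URL for a Cloud Connection: {url!r}")
    return parsed.netloc, parsed.path.lstrip("/")

def bucket_default_sse(encryption_response):
    """Return the default SSEAlgorithm from a GetBucketEncryption response."""
    config = encryption_response.get("ServerSideEncryptionConfiguration", {})
    for rule in config.get("Rules", []):
        default = rule.get("ApplyServerSideEncryptionByDefault")
        if default:
            return default["SSEAlgorithm"]
    return None  # no default rule present in the response

def effective_encryption(option, encryption_response):
    """Return (sse_value, source) for objects uploaded via the connection."""
    if option not in OPTION_TO_SSE:
        raise ValueError(f"unknown S3 Encryption Option: {option!r}")
    requested = OPTION_TO_SSE[option]
    if requested is not None:
        return requested, "cloud-connection"
    # "No Encryption" does not override, so the bucket default decides.
    return bucket_default_sse(encryption_response), "bucket-default"

# Constructed sample: response for a bucket whose default encryption is KMS.
SAMPLE_RESPONSE = {"ServerSideEncryptionConfiguration": {"Rules": [
    {"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "aws:kms"},
     "BucketKeyEnabled": True}]}}

if __name__ == "__main__":
    print(parse_s3_url("s3://bryce-sandbox/uploads/"))
    for opt in OPTION_TO_SSE:
        print(opt, "->", effective_encryption(opt, SAMPLE_RESPONSE))
```

With the sample bucket, the No Encryption option still yields KMS-encrypted objects, because the bucket default applies when the connection does not override it.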

    Cloud Connection Credentials:

    The Use instance profile credentials option leverages the IAM permissions on the EC2 instance. This is the recommended approach, because the access key credentials are handled transparently, and rotated for you automatically.

    If you want to restrict S3 permissions on a per-user basis, select the Use unique credentials option. You can set AWS Access Key credentials on the Cloud Connection, and each user can then have their own dedicated Cloud Connection.

    For creating the unique credentials, refer to this documentation.

    First launch

    Upon first launch of an AWS StorageLink server, there will already be a default S3 bucket (named swiftgw-i-ec2_instance_id) configured and no additional connection is required.

    Upload

    To use your own bucket, edit the / folder and change the bucket value.

    Test Connection

    When you have configured all the fields, click Test Connection.

    If all goes well, you should see 3 green checkmarks.

    Otherwise, check your settings and get this step working before proceeding.

    If you are stuck, you can reach out to us at support@thorntech.com.