Before configuring PowerScale CloudPools on the PowerScale cluster, AWS needs to be configured properly. The following are the general considerations and best practices when configuring AWS for CloudPools.
- URI for CloudPools: The URI is region-specific. For example, the URI for region us-west-1 is https://s3.us-west-1.amazonaws.com. The region that corresponds to the URI must be set when configuring CloudPools on the PowerScale cluster. For more details about AWS Regions and Endpoints, see the document AWS Regions and Endpoints on the AWS website. Ensure that the default URI is used for CloudPools. You cannot add a prefix to the URI, such as https://prefix.s3.us-west-1.amazonaws.com.
- CloudPools support of Amazon S3: CloudPools supports S3 Standard. CloudPools does not support other Amazon S3 storage classes. For more details about Amazon S3 storage classes, see the document Amazon S3 Storage Classes.
- Identity and access management (IAM): An IAM user needs to be created with proper permissions before setting up CloudPools on a PowerScale cluster. CloudPools uses the IAM user to manage buckets and objects for CloudPools operations. The policy AmazonS3FullAccess needs to be attached to the IAM user. The secret key can be created by following the process described in the document Managing Access Keys for IAM Users.
- Cost and usage report: The cost and usage report needs to be enabled in AWS. See the document Creating an AWS Cost and Usage Report for details. You can specify an existing bucket or create one for the report. The bucket is used as the telemetry reporting bucket when configuring CloudPools, and OneFS generates XML files to track the usage data for AWS.
- Commercial cloud services (C2S): The client certificate must be granted authorization to access specific IAM roles within one or more C2S accounts. Interaction with C2S Access Portal requires an X.509 client certificate signed by an appropriate Government Certificate Authority (CA). Work with your government contact to obtain a client certificate.
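
The URI rules in the first item can be checked before the value is entered on the cluster. The following pre-flight check is an added example, not part of the PowerScale or AWS tooling; the function name `check_cloudpools_uri` is hypothetical, and it assumes endpoints in the form shown above (`https://s3.<region>.amazonaws.com`), so other AWS partitions are not covered.

```python
import re
from urllib.parse import urlsplit

# Assumption: endpoint form taken from the example URI on this page,
# https://s3.<region>.amazonaws.com. Other AWS partitions are not covered.
_HOST_RE = re.compile(r"^s3\.([a-z]{2}(?:-[a-z]+)+-\d+)\.amazonaws\.com$")


def check_cloudpools_uri(uri, expected_region):
    """Return a list of problems; an empty list means the URI is acceptable."""
    problems = []
    parts = urlsplit(uri.strip())
    host = (parts.hostname or "").lower()

    if parts.scheme.lower() != "https":
        problems.append("scheme must be https")
    if parts.username or parts.password or parts.port:
        problems.append("no credentials or port in the URI")
    if parts.path not in ("", "/") or parts.query or parts.fragment:
        problems.append("no path, query or fragment allowed")

    match = _HOST_RE.match(host)
    if not match:
        # Anything in front of "s3." (for example a bucket-style prefix)
        # makes the URI a non-default endpoint.
        if host.endswith(".amazonaws.com") and ".s3." in host:
            problems.append("prefix before s3.<region> is not allowed")
        else:
            problems.append("host is not s3.<region>.amazonaws.com")
    elif match.group(1) != expected_region:
        problems.append(
            f"URI region {match.group(1)} != configured region {expected_region}")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs: (URI, region configured for CloudPools).
    samples = [
        ("https://s3.us-west-1.amazonaws.com", "us-west-1"),
        ("https://prefix.s3.us-west-1.amazonaws.com", "us-west-1"),
        ("https://s3.us-west-1.amazonaws.com", "us-east-2"),
        ("http://s3.us-west-1.amazonaws.com/bucket", "us-west-1"),
    ]
    for uri, region in samples:
        result = check_cloudpools_uri(uri, region)
        print(uri, "->", "OK" if not result else "; ".join(result))
```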