This section describes the AWS configuration for CloudPools. Either S3 or C2S S3 can be used as the cloud target; each is covered in its own subsection below.
The example AWS configuration is a general guide when AWS is used for CloudPools. It does not cover all details of AWS configuration for other use cases. Consult the Amazon Web Services (AWS) documentation for more details on AWS configuration.
S3
This section describes how to collect the information about S3 for CloudPools.
- Ensure your AWS account is working properly.
- Log in to the AWS console at http://aws.amazon.com using your own username and password. Write down the URI and region to connect to Amazon S3. For example, the URI is https://s3.us-west-1.amazonaws.com and the region is us-west-1.
- Follow the process in the document Creating an IAM User in Your AWS Account on the AWS website to create an IAM user and assign proper permissions for CloudPools.
- Follow the process in the document Managing Access Keys for IAM Users on the AWS website to create the secret key for the IAM user for CloudPools. As shown in Figure 17, you can see the Access key ID and Secret access key.
Figure 17. Access Key
- Go to My Account > Account Settings from the console of AWS and write down the Account ID as shown in Figure 18.
Figure 18. Account ID
- Follow the process in the document Creating an AWS Cost and Usage Report on the AWS website to enable the cost and usage report. Write down the bucket name, which will be used as the telemetry reporting bucket when configuring CloudPools.
Now all Amazon S3 information is gathered for CloudPools.
C2S S3
This section describes how to collect the information about C2S S3 for CloudPools.
- Ensure your AWS account and C2S S3 are working properly.
- Log in to the console of AWS at http://aws.amazon.com using your own username and password. Write down the URI and region to connect to C2S S3.
- Before configuring the CloudPools C2S account, gather the Certificate Authority (CA) certificate and the C2S Access Portal (CAP) client certificate and private key on the CAP server. Find the three parts, each of the form -----BEGIN CERTIFICATE-----<<CERT DATA TRUNCATED>>-----END CERTIFICATE-----, for the CA certificate, CAP client certificate, and private key, and save them into three files on OneFS. For example, the files are capCA.pem, capClientcert.pem, and capClientcert.key.
- Run the following command to import CA certificate on OneFS.
isi certificate authority import --name <name> <CA certificate path>
- Run the following command to verify the CA certificate.
isi certificate authority list
- Run the following command to import CAP client cert and private key on OneFS. This information will be used when configuring the CloudPools C2S account.
isi cloud certificates import --name <name> <CAP client cert path> <CAP client key path>
- Run the following command to verify the CAP client certificate and private key.
isi cloud certificates list
- Write down the credential provider URI, Agency, Mission, and Role found on the CAP server.
Now all Amazon C2S S3 information is gathered for CloudPools.
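The three files saved in the C2S S3 steps above can be checked for consistency before they are imported. The script below is an added example, not part of the original guide or of OneFS: it assumes the openssl command-line tool is installed where the files are stored, check_cap_bundle is a hypothetical helper name, and the file names in the usage comment are the ones from the page's example.

```shell
#!/bin/sh
# Added example: consistency checks for the three CAP files before import.
# Assumes the openssl CLI is installed; check_cap_bundle is a hypothetical name.

# Print the public key (PEM) held in a certificate / derived from a private key.
# "-passin pass:" stops openssl from prompting; an encrypted key is reported unusable.
cert_pubkey() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }
key_pubkey()  { openssl pkey -in "$1" -passin pass: -pubout 2>/dev/null; }

# check_cap_bundle CA_CERT CLIENT_CERT CLIENT_KEY -> returns 0 only if all checks pass
check_cap_bundle() {
    ca=$1; cert=$2; key=$3; rc=0
    for f in "$ca" "$cert" "$key"; do
        [ -r "$f" ] || { echo "FAIL: cannot read $f"; return 1; }
    done
    # 1. Both certificate files must parse as X.509 and stay valid for 24 hours.
    for f in "$ca" "$cert"; do
        if ! openssl x509 -in "$f" -noout 2>/dev/null; then
            echo "FAIL: $f is not a PEM certificate"; rc=1
        elif ! openssl x509 -in "$f" -noout -checkend 86400 >/dev/null 2>&1; then
            echo "FAIL: $f is expired or expires within 24 hours"; rc=1
        fi
    done
    # 2. The private key must be the one the client certificate was issued for.
    kp=$(key_pubkey "$key") || kp=""
    if [ -z "$kp" ]; then
        echo "FAIL: $key is not a readable, unencrypted private key"; rc=1
    elif [ "$kp" != "$(cert_pubkey "$cert")" ]; then
        echo "FAIL: $key does not match $cert"; rc=1
    fi
    # 3. The client certificate must verify against the CA file being imported.
    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 ||
        { echo "FAIL: $cert does not verify against $ca"; rc=1; }
    # 4. Warn if the key file is accessible to group or other users.
    mode=$(ls -l "$key" | cut -c5-10)
    [ "$mode" = "------" ] || echo "WARN: $key has group/other access ($mode)"
    [ "$rc" -eq 0 ] && echo "OK: certificate, key and CA are consistent"
    return "$rc"
}

# Run the checks when three paths are given, e.g.:
#   sh check_cap.sh capCA.pem capClientcert.pem capClientcert.key
if [ "$#" -eq 3 ]; then check_cap_bundle "$@"; fi
```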