How To Set Advanced S3 Options

Overview

This article is for customers who would like to use S3 Infrequent Access Storage, S3 Reduced Redundancy Storage or S3 Server Side Encryption in the following Aspera on Demand products: APOD, SHOD and FOD.

If you don't know how to enable AoD to use S3 for storage, please see our KB article on enabling AoD to use S3 storage.  If you are still investigating Aspera on Demand options and want to learn more, please view the Aspera Cloud site for more info.

Procedure

Setting S3 Infrequent Access Storage in Aspera (available in 3.6.1)

To enable S3 infrequent access storage in Aspera, append ?storage-class=STANDARD_IA to the S3 docroot of the transfer users.  

For example:

s3://access_id:secret_key@s3.amazonaws.com/my_bucket/my_path?storage-class=STANDARD_IA

To learn more about Amazon S3 Infrequent Access Storage, please see Amazon's documentation on S3 Infrequent Access Storage.

Setting S3 Reduced Redundancy Storage (RRS) in Aspera

To enable S3 RRS in Aspera, append ?storage-class=REDUCED_REDUNDANCY to the S3 docroot of the transfer users.

For example:

s3://access_id:secret_key@s3.amazonaws.com/my_bucket/my_path?storage-class=REDUCED_REDUNDANCY

To learn more about Amazon S3 Reduced Redundancy Storage, please see Amazon's documentation on reduced redundancy storage.

Setting S3 Server Side Encryption in Aspera

To enable S3 SSE in Aspera, append ?server-side-encryption=AES256 to the S3 docroot of the transfer users.  

For example:

s3://access_id:secret_key@s3.amazonaws.com/my_bucket/my_path?server-side-encryption=AES256

To learn more about Amazon S3 Server Side Encryption, please see Amazon's S3 Server Side Encryption documentation.

Setting S3 Server Side Encryption KMS in Aspera (available in 3.6.1)

To enable S3 SSE with KMS in Aspera, append ?server-side-encryption=AWS_KMS to the S3 docroot of the transfer users.

For example:

s3://access_id:secret_key@s3.amazonaws.com/my_bucket/my_path?server-side-encryption=AWS_KMS

To learn more about Amazon Server Side Encryption - KMS, please see Amazon's KMS documentation.

Note: It is also possible to set this option system wide.

Setting both Reduced Redundancy and S3 Server Side Encryption

To enable RRS and SSE, append both options to the S3 docroot of the transfer users separated by an &.  

For example:

s3://access_id:secret_key@s3.amazonaws.com/my_bucket/my_path?server-side-encryption=AES256&storage-class=REDUCED_REDUNDANCY

Two ways of modifying a user docroot

1) If your Aspera on Demand product includes Aspera Console, you can set the docroot of the transfer user via Aspera Console.  

Log in to Aspera Console as admin, go to Nodes > edit > Accounts, select the user and go to edit > Docroot, click Override and enter a docroot.

 

2) Edit your aspera.conf file if you don't have Aspera Console

SSH into your server as root, open /opt/aspera/etc/aspera.conf, find the transfer user and update the user docroot in the <absolute> tag. If you don't know how to SSH into your server, please see our KB article on accessing your server via SSH.

For example, enabling RRS for user xfer2:

[Screenshot: s3_RRS_conf.jpg]

3) Restart asperanoded

a) SSH to your server as root.

b) Execute the following command:

# service asperanoded restart

 

Verify your S3 advanced option is enabled

Upload a file to your S3 bucket, go to AWS Console Home > S3, select the uploaded file in your S3 bucket and click Properties > Details.

If you changed the storage class, you should see that Storage Class is set to either Standard - Infrequent Access or Reduced Redundancy. If you set server side encryption, you should see that Server Side Encryption is set to AES-256.
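The console check above looks at one uploaded object at a time. As an added example (not part of the original article or of Aspera's tooling), the Python check below reads the docroots from an aspera.conf-style file and flags option values other than the ones this article lists, plus any S3 docroot without server-side-encryption. The XML nesting around <absolute>, the sample users and the policy that every S3 docroot should request SSE are assumptions.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, parse_qsl

ALLOWED = {  # option names and values exactly as listed in this article
    "storage-class": {"STANDARD_IA", "REDUCED_REDUNDANCY"},
    "server-side-encryption": {"AES256", "AWS_KMS"},
}

# Constructed sample, not a real aspera.conf. The nesting around <absolute>
# is an assumption; '&' is written as '&amp;' so the sample is valid XML.
SAMPLE_CONF = """<CONF><aaa><realms><realm><users>
 <user><name>xfer1</name><file_system><access><paths><path>
  <absolute>s3://access_id:secret_key@s3.amazonaws.com/my_bucket/my_path?server-side-encryption=AES256&amp;storage-class=REDUCED_REDUNDANCY</absolute>
 </path></paths></access></file_system></user>
 <user><name>xfer2</name><file_system><access><paths><path>
  <absolute>s3://access_id:secret_key@s3.amazonaws.com/my_bucket/my_path?storage-class=REDUCED REDUNDANCY</absolute>
 </path></paths></access></file_system></user>
 <user><name>xfer3</name><file_system><access><paths><path>
  <absolute>/data/xfer3</absolute>
 </path></paths></access></file_system></user>
</users></realm></realms></aaa></CONF>"""

def audit_docroot(docroot):
    """Return a list of findings for one docroot string (empty list = OK)."""
    parts = urlsplit(docroot)
    if parts.scheme != "s3":
        return []  # local docroot: the S3 options do not apply
    opts = dict(parse_qsl(parts.query, keep_blank_values=True))
    findings = []
    for key, value in opts.items():
        if key not in ALLOWED:
            findings.append(f"option not covered by the article: {key}")
        elif value not in ALLOWED[key]:
            findings.append(f"unrecognised value for {key}: {value!r}")
    if "server-side-encryption" not in opts:  # assumed policy: SSE expected
        findings.append("server-side-encryption not set")
    return findings

def audit_conf(xml_text):
    """Map each transfer user name to the findings for its docroot(s)."""
    report = {}
    for user in ET.fromstring(xml_text).iter("user"):
        found = report.setdefault(user.findtext("name"), [])
        for absolute in user.iter("absolute"):
            found.extend(audit_docroot((absolute.text or "").strip()))
    return report

if __name__ == "__main__":
    print(audit_conf(SAMPLE_CONF))
```

To run it against a server, pass the text of /opt/aspera/etc/aspera.conf to audit_conf instead of the constructed sample.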

 
