IBM Cloud Object Storage S3 account details

To establish a connection to IBM® Cloud Object Storage S3, you must add an account that defines the account details to connect with. You can define these details by creating a configuration object in the App Connect Dashboard, the Red Hat® OpenShift® web console or CLI, or the Kubernetes CLI.

Account parameters

You can define one or more accounts for IBM Cloud Object Storage S3.

For each account that you require, you can specify a new set of account details in any of the following ways:

  • If you are using the App Connect Dashboard, either complete the Account details fields in the Create configuration panel, or specify the account parameters in an accounts.yaml file before importing it into the Create configuration panel. For more information, see Accounts type.
  • If you are using the Red Hat OpenShift web console or CLI, or the Kubernetes CLI, specify the account parameters in an accounts.yaml file, and then use this configuration file to create a configuration object. For more information, see Creating the file for a configuration object of type Accounts.

The set of required and optional Account fields or parameters are listed in the following table.

For information about locating the values for these account parameters, see Locating the values for the account parameters.

Field Parameter Values Condition Description

Account name

name

User defined

Required

The name of an IBM Cloud Object Storage S3 account that is used in the exported flow.

Secret access key

secretAccessKey

User defined

Optional

The secret access key of the instance.

Required if the service instance uses HMAC credentials for authentication.

Access key ID

accessKeyId

User defined

Optional

The access key ID of the instance.

Required if the service instance uses HMAC credentials for authentication.

Region

region

User defined

Optional

The region of the instance.

Required if the service instance uses HMAC credentials for authentication.

IAM API key

apiKey

User defined

Optional

The API key for the instance.

Required if the service instance supports Identity and Access Management (IAM) authentication.

Resource instance ID

resourceInstanceId

User defined

Optional

The resource instance ID.

Required if the service instance supports IAM authentication.

Endpoint URL

endpointUrl

User defined

Required

The Cloud Object Storage service endpoint URL for your location or region. Only public endpoints are supported.


Tip: For a connection to IBM Cloud Object Storage S3, you can only access buckets specific to the location (or region) of the endpoint URL that you specify. For example, if you connect to the us-geo location (such as the Endpoint URL s3.us.cloud-object-storage.appdomain.cloud), you can access buckets that are listed with the same location, us-geo, on the Buckets page of your IBM Cloud Object Storage S3 instance. If you want App Connect to access buckets from more than one location, you can create a separate account for each location.

Locating the values for the account parameters

To obtain connection values for an IBM Cloud Object Storage S3 instance that uses IAM authentication, complete the following steps.
  1. Log in to IBM Cloud.
  2. From the IBM Cloud Dashboard, click the Cloud Object Storage service instance that you want to work with.
  3. To view the endpoint URLs, click Endpoint and select your preferred location or region. Then copy your preferred public endpoint (for example, s3.us.cloud-object-storage.appdomain.cloud) and use it as the value for the Endpoint URL field (or endpointUrl parameter).
  4. To view the service credentials, click Service credentials, then click View credentials. (If you want to define new credentials, click New credential.)
    1. Copy the apikey value and use it as the value for the IAM API key field (or apiKey parameter).
    2. Copy the resource_instance_id value and use it as the value for the Resource instance ID field (or resourceInstanceId parameter).
To obtain connection values for an IBM Cloud Object Storage S3 instance that supports HMAC authentication, complete the following steps.
  1. Log in to IBM Cloud.
  2. From the IBM Cloud Dashboard, click the Cloud Object Storage service instance that you want to work with.
  3. To view the endpoint URLs, click Endpoint and select your preferred location or region.
    1. Copy your preferred public endpoint (for example, s3.us.cloud-object-storage.appdomain.cloud) and use it as the value for the Endpoint URL field (or endpointUrl parameter).
    2. Copy your preferred location or region (for example, ap-geo) and use it as the value for the Region field (or region parameter).
  4. To view the service credentials, click Service credentials, then click View credentials. (If you want to define new credentials, click New credential, click Advanced options, then select Include HMAC Credential.)
    1. Copy the cos_hmac_keys/secret_access_key value and use it as the value for the Secret access key field (or secretAccessKey parameter).
    2. Copy the cos_hmac_keys/access_key_id value and use it as the value for the Access key ID field (or accessKeyId parameter).

Examples

Remember: An accounts.yaml file that defines one or more accounts must always begin with the following line:
accounts:

Example 1 (Connecting by using IAM authentication):
  ibmcoss3:
    - name: Account 1
      credentials:
        apiKey: AB1cDEf2GhI3JkLMnoPQrStuv4WX5y6ZaB7c8dEfghiJK
        resourceInstanceId: >-
          crn:v1:bluemix:public:cloud-object-storage:global:a/bcd123efgh4567ij89k0lm23n4567op8:q90rs1tu-234v-5678-9w01-2x3456789012::
      endpoint:
        endpointUrl: s3.us.cloud-object-storage.appdomain.cloud
Example 2 (Connecting by using HMAC authentication):
  ibmcoss3:
    - name: Account 1
      credentials:
        secretAccessKey: 12a3bcd4567890ef123g4567890hij12k1m3n4567o8901p2
        accessKeyId: 1a2dfbc3d45678901ef2g3h45678i90jkl
        region: ap-geo
      endpoint:
        endpointUrl: s3.us.cloud-object-storage.appdomain.cloud