Preparing to configure cloud-container storage pools for AWS with S3 (off premises)

Before you configure cloud-container storage pools to use Amazon Web Services (AWS) off premises with the Simple Storage Service (S3) protocol, you must obtain information from Amazon that is required for the configuration process.

About this task

AWS account credentials are different from Amazon account credentials. Use the credentials for your AWS account when you configure storage pools in the Operations Center or with the DEFINE STGPOOL command.

AWS uses buckets to store data. AWS buckets are used in the same manner as containers in a cloud-container storage pool. IBM Spectrum® Protect automatically creates a bucket in Amazon for an instance of IBM Spectrum Protect, and that bucket is shared by all pools for that instance.

Restriction: The following restrictions apply.
  • Edit an AWS bucket only with IBM Spectrum Protect, and do not change the data in the bucket or edit the configuration settings for the bucket.
  • For off-premises cloud-container storage pools that use AWS with the Amazon S3 protocol, data is encrypted by default. However, the IBM Spectrum Protect server does not support encryption of the data by using AWS bucket policies.

Procedure

  1. Sign up for an AWS account by going to the Amazon S3 page and clicking Create an AWS Account.
  2. Obtain your AWS credentials:
    1. Go to the Amazon S3 page and click Sign In to the Console.
    2. Select your name and select Security Credentials.
    3. Go to the Access Keys section to locate the Access Key ID and the Secret Access Key fields. Record the values so that you can use them when you configure storage pools.
  3. If you plan to configure storage pools by using the Add Storage Pool wizard in the Operations Center, use the following values for the parameters:
    • Cloud type: Amazon - S3 API
    • Access key ID: access_key_id
    • Secret access key: secret_access_key
    • Region: Select the region endpoint that best fits your location, based on the AWS Regions and Endpoints page. If you select Other, specify a region endpoint URL in the URL field, and include the protocol, usually https://. Typically, you can use the region that is closest to your physical location for the Region parameter. Because an Amazon bucket exists in only one region, you can specify only one endpoint URL for a region. If you require a GovCloud region, specify a URL from the AWS GovCloud (US) Endpoints page.
      Warning: Be sure to use only the AWS endpoint URL for the Region value, such as https://s3-us-west-1.amazonaws.com. Do not use the static website hosting URL for this value.
    • Bucket name: Use the default bucket name generated by the server, or specify a new bucket name.
  4. To define the cloud-container storage pool, issue the DEFINE STGPOOL command with the following values:
    • CLOUDTYPE: S3
    • IDENTITY: access_key_id
    • PASSWORD: secret_access_key
    • CLOUDURL: Specify the region endpoint URL that best fits your location, based on the AWS Regions and Endpoints page.

      Typically, you can use the region that is closest to your physical location for the CLOUDURL parameter. If you require a GovCloud region, specify a URL from the AWS GovCloud (US) Endpoints page.

      Warning: Be sure to use only the AWS endpoint URL for the CLOUDURL value, such as https://s3-us-west-1.amazonaws.com. Do not use the static website hosting URL for this value.

What to do next

Configure cloud-container storage pools for AWS by following the instructions in Configuring a cloud-container storage pool for data storage.