Infinit alpha

Creating a storage using Amazon S3

This guide walks you through setting up an Amazon S3 bucket, or an S3-compatible API such as Minio, as a storage resource for Infinit.


Prerequisites

Creating an S3 bucket

Start by navigating to S3 in the AWS Management Console and click Create Bucket. As Amazon S3 bucket names must be unique across the entire platform, it's good practice to include your domain name, and optionally the region the bucket is hosted in, in the bucket name.

[Screenshot: AWS Management Console create bucket popup]

Make a note of the bucket name and region that you chose as you will need this later.

IMPORTANT: Choose the bucket region closest to where you will be using it from. This will ensure that you have higher transfer speeds and lower latency when accessing your Infinit volume.

Creating a new AWS user

We will now create a new AWS user that only has access to the bucket we created. This improves the security of the system: in the unlikely event that the credentials are stolen, the thief will only have limited access to your AWS account.

Navigate back to the root of the AWS Management Console and then to Identity & Access Management. Before creating the new user, we will create a custom policy which describes what the user is allowed to access. Click Policies on the left panel, then Get Started, then Create Policy and finally Create Your Own Policy.

The policy below will allow any S3 operation to be performed on the infinit-s3-storage-de-example-com bucket.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "s3:*",
      "Resource": [
          "arn:aws:s3:::infinit-s3-storage-de-example-com",
          "arn:aws:s3:::infinit-s3-storage-de-example-com/*"
      ]
    }
  ]
}
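
As an added example (not part of the Infinit documentation), the following Python check confirms that a policy like the one above is confined to the one bucket and reports when its action wildcard also grants bucket-administration actions. The function names and the choice of three administration actions to test for are assumptions made for illustration.

```python
import fnmatch

# Policy from this page, embedded so the check runs offline.
PAGE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": "s3:*",
        "Resource": [
            "arn:aws:s3:::infinit-s3-storage-de-example-com",
            "arn:aws:s3:::infinit-s3-storage-de-example-com/*",
        ],
    }],
}

# Assumption: a sample of bucket-administration actions that "s3:*" also grants.
ADMIN_ACTIONS = {"s3:DeleteBucket", "s3:PutBucketPolicy", "s3:PutBucketAcl"}


def as_list(value):
    """IAM accepts a single string or a list for Action and Resource."""
    return [value] if isinstance(value, str) else list(value)


def audit_policy(policy, bucket):
    """Return findings for Allow statements that reach beyond `bucket`."""
    bucket_arn = f"arn:aws:s3:::{bucket}"
    findings = []
    for i, stmt in enumerate(as_list(policy["Statement"])
                             if isinstance(policy["Statement"], list)
                             else [policy["Statement"]]):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append(f"statement {i}: NotAction/NotResource needs manual review")
            continue
        for res in as_list(stmt.get("Resource", [])):
            # Only the bucket itself or keys under it; "bucket*" would match other buckets.
            if res != bucket_arn and not res.startswith(bucket_arn + "/"):
                findings.append(f"statement {i}: resource outside bucket: {res}")
        patterns = [p.lower() for p in as_list(stmt.get("Action", []))]
        granted = sorted(a for a in ADMIN_ACTIONS
                         if any(fnmatch.fnmatchcase(a.lower(), p) for p in patterns))
        if granted:
            findings.append(f"statement {i}: grants bucket administration: {', '.join(granted)}")
    return findings


if __name__ == "__main__":
    for finding in audit_policy(PAGE_POLICY, "infinit-s3-storage-de-example-com"):
        print(finding)
```

The page does not list which S3 actions Infinit needs, so the check reports the wildcard rather than proposing a narrower action list.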

[Screenshot: AWS Management Console create user policy]

Once the policy has been created, you are ready to create the new user. Navigate to Users on the left panel and click Create New Users. IMPORTANT: Once you've created the user, ensure that you download the user's credentials as you will need these later.

[Screenshot: AWS Management Console create user]

From the Users view, click on the name of the user that you created, select Permissions and attach the policy that you created for the user.

[Screenshot: AWS Management Console attach policy to user]

Add AWS credentials to Infinit

Now that the AWS user has been created with the correct policy attached, we can add the user's credentials to Infinit. These credentials are the ones that you downloaded when creating the user.

$> infinit credentials add --as alice --aws --name s3-user
Please enter your AWS credentials
Access Key ID: AKIAIOSFODNN7EXAMPLE
Secret Access Key: ****************************************
Locally stored AWS credentials "s3-user".

NOTE: AWS credentials are only ever stored locally and cannot be pushed to the Hub.

Creating the Infinit silo

With the AWS user's credentials added to Infinit, you can now create the silo.

In addition to providing a name for the silo, you will need to include the bucket name and bucket region. Be careful: the bucket region is not the literal name of the region (Frankfurt) but its identifier (eu-central-1). Refer to AWS's documentation to find your region's identifier.

Finally, you will need to specify the name of the credentials you recently registered, s3-user in this example, through the --account option. The --path option indicates the name of the folder, within the bucket, that will be used to hold the encrypted data blocks stored by Infinit.

$> infinit silo create --as alice --s3 --name s3-storage --account s3-user --region eu-central-1 --bucket infinit-s3-storage-de-example-com --path blocks-folder
Create storage "s3-storage".

NOTE: You can optionally set the storage class using the --storage-class flag. The options include Standard, Standard Infrequent Access and Reduced Redundancy.


Prerequisites

  • Have configured your S3 compatible service.
  • Have the region, bucket, endpoint, Access Key ID and Secret Access Key for the service accessible.
  • Infinit installed.
  • An Infinit user.

Services such as Minio give you some of the information you need when you start them up:

Endpoint:  http://192.168.0.17:9000  http://127.0.0.1:9000
AccessKey: J8BHCPZMUFW4P4IUL5E6
SecretKey: +eqc0hKEmI00CzdN0T7PtESjElpYGML7Aw07CZvN
Region:    us-east-1
SqsARNs:

Browser Access:
   http://192.168.0.17:9000  http://127.0.0.1:9000

NOTE: With Minio, you will need to create a new bucket. This can be done either using the web interface or the Minio CLI.

Adding service credentials to Infinit

First, you will need to add your service credentials to Infinit. This can be done using the infinit credentials binary.

$> infinit credentials add --as alice --aws --name minio
Please enter your AWS credentials
Access Key ID: AKIAIOSFODNN7EXAMPLE
Secret Access Key: ****************************************
Locally stored AWS credentials "minio".

NOTE: Credentials are only ever stored locally and cannot be pushed to the Hub.

Creating the Infinit silo

With the service's credentials added to Infinit, you can now create the silo.

$> infinit silo create minio-storage --s3 --account minio --bucket my-bucket --endpoint http://192.168.0.17:9000 --region us-east-1
Create storage "minio-storage".