Connecting to Amazon S3

Important: The Amazon S3 connection supports data bucket present in the region us-east-1 only.
  1. Access the Connections page using one of these:
    Spectrum Management Console:
    Access Spectrum Management Console using the URL: http://server:port/management console, where server is the server name or IP address of your Spectrum Technology Platform server and port is the HTTP port used by Spectrum Technology Platform.
    Note: By default, the HTTP port is 8080.
    Click Resources > Connections.
    Spectrum Discovery:
    Access Spectrum Discovery using the URL: http://server:port/discovery, where server is the server name or IP address of your Spectrum Technology Platform server and port is the HTTP port used by Spectrum Technology Platform.
    Note: By default, the HTTP port is 8080.
    Click Connect.
  2. Click the Add connection button .
  3. In the Connection Name box, enter a name for the connection. The name can be anything you choose.
    Note: Once you save a connection you cannot change the name.
  4. In the Connection Type field, choose Cloud.
  5. In the Cloud service field, choose AmazonS3.
  6. In the Bucket name field, enter the bucket name as defined in your Amazon S3 cloud service. This is the bucket where Spectrum Technology Platform will read and write files.
  7. Enter your access key and secret key assigned to you by Amazon.
  8. In the Storage Type, field select the level of redundancy that you want to allow for data storage.
    Standard
    The default level of redundancy provided by Amazon S3.
    Reduced redundancy
    Stores non-critical and easily-reproducible data at lower levels of redundancy. This provides fairly reliable storage at a lower cost.
  9. In the Encryption section, select the encryption method for the data. You can select server side encryption, client side encryption, or both.
    Server side key
    The data is encrypted and decrypted at the server side. Your data is transmitted in plain text to the Amazon cloud service where it is encrypted and stored. On retrieval, the data is decrypted by the Amazon cloud service then transmitted in plain text to your system.
    You have two options for specifying the key:
    • AWS managed: The key is automatically generated by the Amazon S3 cloud service.
    • Customer provided: Enter the key to be used by the Amazon S3 cloud service to encrypt and decrypt the data on the server side.
    Client side key
    The data is encrypted and decrypted at the client side. The data is encrypted locally on your client system then transmitted to the Amazon S3 cloud storage. On retrieval, the data is transmitted back in an encrypted format to your system and is decrypted on the client system.

    Client side key: Enter the key to be used by your client system to encrypt and decrypt the data.

    If you select both Server side key and Client side key, encryption and decryption is performed at both server and client sides. Data is first encrypted with your client side key and transmitted in an encrypted format to Amazon, where it is again encrypted with the server side key and stored. On retrieval, Amazon first decrypts the data with the server side key, transmitting the data in an encrypted format to your system, where it is finally decrypted with the client side key.

    Note: To use the encryption feature of Amazon S3 cloud, you need to install the Amazon S3 Security JAR files. For more information, see Using Amazon S3 Cloud Encryption.

    For more information about Amazon S3 encryption features, see:

    docs.aws.amazon.com/AmazonS3/latest/dev/UsingEncryption.html

  10. If you want to set access permissions, in the Permissions section, click .

    The three kinds of Grantees are:

    Everyone
    Every one else other than Authenticated Users and Log Delivery group.
    AuthenticatedUsers
    For users who are logged into Amazon.
    LogDelivery
    For users who write activity logs in a user-specified Bucket, if Bucket Logging is enabled.

    For each Grantee, select the desired permissions:

    Open/Download
    Allow the user to download the file.
    View
    Allow the user to view the current permissions on the file.
    Edit
    Allow the user to modify and set the permissions on the file.
  11. To test the connection, click Test.
  12. Click Save.