forked from pivotal-cf/docs-pcf-install
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy path_filestore_s3_config.html.md.erb
52 lines (48 loc) · 4.36 KB
/
_filestore_s3_config.html.md.erb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
To use an external S3-compatible filestore for PAS file storage, perform the following steps:
1. Select the **External S3-Compatible Filestore** option and complete the following fields:
* Enter the `https://` **URL Endpoint** for your region.
<br />
For example, in the **us-west-2** region, enter
`https://s3-us-west-2.amazonaws.com/`.
* If you use an AWS instance profile to manage role information for your filestore, select the **S3 AWS with Instance Profile** checkbox. For more information, see [AWS Identity and Access Management](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2_instance-profiles.html) in the AWS documentation.
<%= image_tag("images/external-s3-filestore-instance-profile.png") %>
* Alternatively, enter the **Access Key** and **Secret Key** of the `pcf-user` you created when configuring AWS for PCF. If you select the **S3 AWS with Instance Profile** checkbox and also enter an **Access Key** and **Secret Key**, the instance profile will overrule the Access Key and Secret Key.
* From the **S3 Signature Version** dropdown, select **V4 Signature**. For more information about S4 signatures, see [Signing AWS API Requests](https://docs.aws.amazon.com/general/latest/gr/signing_aws_api_requests.html) in the AWS documentation.
* For **Region**, enter the region in which your S3 buckets are located. `us-west-2` is an example of an acceptable value for this field.
* Select **Server-side Encryption** to encrypt the contents of your S3 filestore. This option is only available for AWS S3.
* (Optional) If you selected **Server-side Encryption**, you can also specify a **KMS Key ID**. PAS uses the KMS key to encrypt files uploaded to the blobstore. If you do not provide a KMS Key ID, PAS uses the default AWS key. For more information, see [Protecting Data Using Server-Side Encryption with AWS KMS–Managed Keys (SSE-KMS)](https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingKMSEncryption.html).
* Enter names for your S3 buckets:
<table border="1" class="nice" >
<tr>
<th>Ops Manager Field</th>
<th>Value</th>
<th>Description</th>
</tr>
<tr>
<td><strong>Buildpacks Bucket Name</strong></td>
<td><code>pcf-buildpacks-bucket</code><br></td>
<td>This S3 bucket stores app buildpacks.</td>
</tr>
<tr>
<td><strong>Droplets Bucket Name</strong></td>
<td><code>pcf-droplets-bucket</code></td>
<td>This S3 bucket stores app droplets. Pivotal recommends that you use a unique bucket name for droplets, but you can also use the same name as above.</td>
</tr>
<tr>
<td><strong>Packages Bucket Name</strong></td>
<td><code>pcf-packages-bucket</code></td>
<td>This S3 bucket stores app packages. Pivotal recommends that you use a unique bucket name for packages, but you can also use the same name as above.</td>
</tr>
<tr>
<td><strong>Resources Bucket Name</strong></td>
<td><code>pcf-resources-bucket</code></td>
<td>This S3 bucket stores app resources. Pivotal recommends that you use a unique bucket name for app resources, but you can also use the same name as above.</td>
</tr>
</table>
* Configure the following depending on whether your S3 buckets have versioning enabled:
- **Versioned S3 buckets**: Enable the **Use versioning for backup and restore** checkbox to archive each bucket to a version.
- **Unversioned S3 buckets**: Disable the **Use versioning for backup and restore** checkbox, and enter a backup bucket name for each active bucket. The backup bucket name must be different from the name of the active bucket it backs up.
<%= image_tag("images/backup-buckets.png") %>
For more information about setting up external S3 blobstores, see the <a href="https://docs.cloudfoundry.org/bbr/external-blobstores.html#enable-s3-versioning">Backup and Restore with External Blobstores</a> topic in the Cloud Foundry documentation.
1. Click **Save**.
<p class="note"><strong>Note</strong>: For more information regarding AWS S3 Signatures, see the <a href="http://docs.aws.amazon.com/AmazonS3/latest/API/sig-v4-authenticating-requests.html">Authenticating Requests</a> topic in the AWS documentation.</p>