As part of the CloudNAS Enterprise plan, administrators can choose to use Amazon S3 as a Cloud Storage Group

Note: For CloudNAS Business and CloudNAS Enterprise, Morro creates a default cloud storage group using Morro Data Cloud. You are not required to use the cloud storage group,


Supported in Plans:

  • CloudNAS Enterprise


Note: If you do not have a Amazon S3 account, visit Amazon S3 Getting Started to create an account.


In order to use Amazon, you will need the following information from your S3 account:

  • Bucket Name
  • Access Key ID
  • Secret Access Key

Bucket Name

Specify a bucket to be used as the data object store. You can find the information about your buckets in the S3 console. The bucket must be the AWS S3-Standard class.

Note: If you do not have a bucket, please create a bucket by clicking on the "Create a Bucket" S3 console. For more information, please refer to the page Create a Bucket.


Access Key ID

Obtain the Key ID from the user you want to use to access the S3 bucket. To find the Key ID:

  • Select IAM from the list of AWS services. 
  • Click "Users" item in the navigation menu
  • Choose the user you want use to connect to the S3 bucket
  • Click on the tab "Security credentials"
  • Find the Key ID in the Access Key ID column.


If you do not have an Access Key ID, then you can generate a new Access Key ID and Secret Access Key.


Secret Access Key

If you do not have your access key or your access key is lost, then you cannot obtain the key from the system. You must generate a new Access Key ID and Secret Access Key pair. For more information on how to create a new key, please refer to the page Managing Access Keys for your AWS Account.


Permissions

You must specify the following permissions for the bucket:

  • Get bucket location and list bucket permission
  • Get federal token permission
  • Put, get, delete object permission in the bucket.


To set the permissions, go to the "Permissions" tab in the "Users" page.



Specify the following json code in the policy field


You can copy and paste the code from below. Update the values for "bucketName" to the name of the bucket in your S3 account.

For example if you bucketname is "my-amazon-s3-bucket", your permission code will look like this. 


{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:DeleteObject",
                "s3:GetObject",
                "s3:PutObject"
            ],
            "Resource": [
                "arn:aws:s3:::my-amazon-s3-bucket/*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:GetBucketLocation",
                "s3:GetBucketVersioning",
                "s3:ListBucket"
            ],
            "Resource": [
                "arn:aws:s3:::my-amazon-s3-bucket"
            ]
        },
         {
            "Effect": "Allow",
            "Action": [
                "sts:GetFederationToken"
            ],
            "Resource": "*"
        }
        
    ]
}



Regions

In BYOS, admins do not need to provide the region in which their bucket is located. The bucket can be from any of the AWS regions. The Bucket Name, Key ID, and Application Key will automatically know in which region the bucket is located.




Using Amazon S3

New Accounts

During the account creation process, you must choose a plan that has BYOS-S3 enabled. In the Account Sign-Up process, choose one of the following plans in the window Select your Morro Data plan.

  • CloudNAS Business
  • CloudNAS Enterprise



Select the Region you want to use for the Morro Cloud Data included with your Morro Data account. The default is "Amazon S3 in US (Oregon)".



Complete the Account Sign-Up and log in to your team portal.


Configure your Account

After you create your account, you can create a cloud storage group with Amazon S3.


Go to FILE SYSTEM page to create your cloud storage group.



Click the orange "+" button  and select "Add Cloud Storage" to open the Add Cloud Storage panel.


Add Cloud Storage Panel



Complete the following steps to add the Cloud Storage Gateway

  1. Choose the storage type "Your Object Storage".
  2. Choose the Provider: Amazon S3.
  3. Enter a Name
  4. Enter the S3 account information      
    • Bucket Name
    • Key ID
    • Secret Key


Step 1. Choose your storage type

Choose the object store. To use BYOS-S3, choose "Your Object Storage".


Step 2. Choose your provider

Choose the icon for Amazon S3 from the list of providers.


Step 3. Enter a Name

Choose a name for your Cloud Storage Group and enter it in the Name field. The name is used identify the cloud storage group in your system.


Step 4. Enter your S3 account information

Enter the Bucket Name, Key ID, and Secret Key for your account. The three pieces of information tells Morro Data which S3 bucket to use to store the files managed in this cloud storage group.


Click CREATE to complete the process.


Once the Cloud Storage Group is created, you can create pools and shares within that cloud storage group. For more information on creating pools and shares, reference the article File System - Create Pool and Share.



Notes on Features

Account Permissions

If any changes to the permissions of the S3 account are made, an email will be sent the Morro account administrators. Changes to permissions may cause interruption in service.