S3 access is very similar to HTTP access. The MGM runs on port 8000 and the FSTs on port 8001.
The workflow is the same as with other protocols. The initial point of contact is the MGM which will generate a redirection link to communicate with the FST.
When accessing EOS via S3, a signature verification is done. If the verification succeeds, from this point forward, the S3 access key will be considered the user identity and the system will try to match it with an existing Unix user. Because of this, it is very important that the users declared for S3 access also exist as Unix users on the system.
Within the S3 protocol, users are identified by an access key and secret key pair. Buckets are associated to users and they constitute the place where users write or read from.
Within EOS, users and buckets are registered as attributes of the /eos/<instance>/proc path.
attr set sys.s3.id.<s3user>=<secretkey> /eos/<instance>/proc
<s3user> - the access key in S3 terminology
Note: make sure that the <s3user> also exists as a Unix user on the system
attr set sys.s3.bucket.<s3user>=<bucket> /eos/<instance>/proc
attr set sys.s3.path.<bucket>=<eospath> /eos/<instance>/proc
Multiple buckets can be separated using the | separator.
attr set sys.s3.id.s3user=<secretkey> /eos/test/proc
attr set sys.s3.bucket.s3user=testbucket /eos/test/proc
attr set sys.s3.path.testbucket=/eos/test/buckets3 /eos/test/proc
This will declare s3user and assign testbucket to him. Internally, testbucket is mapped to the following path: /eos/test/buckets3.