Synchronization from an external bucket involves assigning roles and permissions to users, creating and synchronizing buckets, and then reading from and writing to the buckets.
This description of high-level tasks assumes three classes of user:
- An HCP for cloud scale system administrator to create roles and assign them to users using an IdP
- An HCP for cloud scale bucket administrator, who could be a tenant administrator, to create and configure an HCP for cloud scale bucket
- An AWS user, who could be a customer, to create a remote bucket using AWS S3, create an AWS SQS queue, and then configure S3 notifications to SQS
Note: The default HCP for cloud scale account has full permissions and can perform the tasks assigned to the first two user classes.
- The system administrator assigns permissions to the bucket administrator to configure bucket synchronization.
  - In the System Management application, create a role with the permission group bucket_sync.
  - In the IdP server, set up two groups: bucket administrators and bucket users.
  - In the IdP server, register users in these groups.
  - In the System Management application, assign the role to the bucket administrator group.
- The bucket administrator creates local and remote buckets.
- The AWS user creates a standard queue in SQS.
  - Using an AWS account, create a queue of the type Standard Queue.
  - Create a policy document.
- The AWS user configures the remote bucket to send S3 notifications to the AWS SQS queue.
  - Add a notification for all object creation events to the remote bucket.
- The bucket administrator configures bucket synchronization between the S3 bucket and the HCP for cloud scale bucket using an S3 PUT Bucket Replication method, replacing the bucket ARN with configuration settings. By using multiple rules and filters, the bucket administrator can specify which objects are synchronized to the local bucket.
- The bucket administrator sets access control lists to let the bucket user read data from the HCP for cloud scale bucket.
  - Using a management API, get the user ID of the bucket user.
  - Using an S3 API, assign write permission to the bucket user for the HCP for cloud scale bucket.
- The AWS user is now free to read objects from the HCP for cloud scale bucket, which is now synchronized with the remote bucket.
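The two AWS-side artifacts from the steps above, the SQS queue policy document and the S3 notification for all object-creation events, as an added example that is not from the original page or the HCP for cloud scale product. The policy is scoped so that only the S3 service, acting for the one named bucket and account, can send to the queue, and a small check confirms that scoping; the region, account ID, bucket and queue names are constructed placeholders.

```python
import json

# Constructed placeholder identifiers (not from the original page)
REGION = "us-east-1"
ACCOUNT_ID = "123456789012"
BUCKET = "example-remote-bucket"
QUEUE_ARN = f"arn:aws:sqs:{REGION}:{ACCOUNT_ID}:example-s3-events"
BUCKET_ARN = f"arn:aws:s3:::{BUCKET}"


def sqs_queue_policy(queue_arn: str, bucket_arn: str, account_id: str) -> dict:
    """Queue access policy: only S3, acting for this bucket/account, may SendMessage."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "AllowS3EventNotifications",
            "Effect": "Allow",
            "Principal": {"Service": "s3.amazonaws.com"},
            "Action": "sqs:SendMessage",
            "Resource": queue_arn,
            "Condition": {
                "ArnLike": {"aws:SourceArn": bucket_arn},
                "StringEquals": {"aws:SourceAccount": account_id},
            },
        }],
    }


def s3_notification_config(queue_arn: str) -> dict:
    """Bucket notification configuration sending every object-creation event to the queue."""
    return {"QueueConfigurations": [{
        "Id": "all-object-created-to-sqs",
        "QueueArn": queue_arn,
        "Events": ["s3:ObjectCreated:*"],
    }]}


def policy_is_scoped(policy: dict, bucket_arn: str) -> bool:
    """True if every Allow that grants SendMessage is conditioned on the expected source bucket."""
    for st in policy.get("Statement", []):
        actions = st.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        if st.get("Effect") == "Allow" and any(a.lower() in ("sqs:sendmessage", "sqs:*", "*") for a in actions):
            cond = st.get("Condition", {})
            src = cond.get("ArnLike", {}).get("aws:SourceArn") or cond.get("ArnEquals", {}).get("aws:SourceArn")
            if src != bucket_arn:
                return False
    return True


if __name__ == "__main__":
    # With boto3 these documents would be applied via sqs.set_queue_attributes(...)
    # and s3.put_bucket_notification_configuration(...).
    print(json.dumps(sqs_queue_policy(QUEUE_ARN, BUCKET_ARN, ACCOUNT_ID), indent=2))
```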