Synchronization to an external bucket involves assigning roles and permissions to users, creating and synchronizing the buckets, and then reading from and writing to the buckets.
This description of high-level tasks assumes three classes of user:
- An HCP for cloud scale system administrator to create roles and assign them to users using an IdP
- An HCP for cloud scale bucket administrator, who could be a tenant administrator, to create and configure an HCP for cloud scale bucket
- An Amazon Web Services (AWS) user, who could be a customer, to create a remote bucket using AWS S3 and then read and write data
Note: The default HCP for cloud scale account has full permissions and can perform the tasks assigned to the first two user classes.
- The system administrator assigns the bucket administrator permission to configure bucket synchronization:
  - In the System Management application, create a role with the permission group bucket_sync.
  - In the IdP server, set up two groups: bucket administrators and bucket users.
  - In the IdP server, register users in these groups.
  - In the System Management application, assign the role to the bucket administrator group.
- The bucket administrator creates the local and remote buckets.
- The bucket administrator configures bucket synchronization between the HCP for cloud scale bucket and the S3 bucket using the S3 PUT Bucket Replication API call, replacing the bucket's Amazon Resource Name (ARN) with configuration settings. By using multiple rules and filters, the bucket administrator can specify which objects are synchronized to the S3 bucket.
- The bucket administrator sets access control lists (ACLs) to let the bucket user write data to the HCP for cloud scale bucket:
  - Using a management API, get the user ID of the bucket user.
  - Using an S3 API, assign write permission to the bucket user for the HCP for cloud scale bucket.
- The AWS user can now write objects to the HCP for cloud scale bucket, which is synchronized with the remote bucket.
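The two S3 API calls in the steps above (PUT Bucket Replication with prefix-filtered rules, and PUT Bucket ACL granting the bucket user write access) both take an XML request body. The following Python is an added example, not code from the HCP for cloud scale documentation: it builds both bodies in the standard AWS S3 layout and parses them back so the result can be checked. The rule IDs, prefixes and IDs are constructed sample values, and the `Role` and destination `Bucket` values are labelled placeholders, because the page says HCP for cloud scale replaces the ARN with its own configuration settings without giving their format.

```python
"""Build the S3 request bodies for bucket synchronization and bucket-user ACLs.

Added example, not part of the HCP for cloud scale documentation. Element
layout follows the AWS S3 PUT Bucket Replication and PUT Bucket ACL request
bodies; every value marked PLACEHOLDER is an assumption.
"""
from __future__ import annotations

import xml.etree.ElementTree as ET

S3_NS = "http://s3.amazonaws.com/doc/2006-03-01/"
XSI_NS = "http://www.w3.org/2001/XMLSchema-instance"


def build_replication_config(destination_setting: str, rules: list[dict]) -> bytes:
    """Return a PUT Bucket Replication body with one prefix-filtered rule per entry.

    rules: list of {"id": str, "prefix": str, "priority": int, "enabled": bool}.
    Only objects whose key starts with a rule's prefix are synchronized.
    """
    root = ET.Element("ReplicationConfiguration", xmlns=S3_NS)
    # AWS expects an IAM role ARN here; on HCP for cloud scale the ARN is
    # replaced by product configuration settings (PLACEHOLDER, assumed).
    ET.SubElement(root, "Role").text = "PLACEHOLDER-replication-role"
    for rule in rules:
        r = ET.SubElement(root, "Rule")
        ET.SubElement(r, "ID").text = rule["id"]
        ET.SubElement(r, "Status").text = "Enabled" if rule["enabled"] else "Disabled"
        ET.SubElement(r, "Priority").text = str(rule["priority"])
        # Required once a Filter is present (V2 replication configuration).
        dm = ET.SubElement(r, "DeleteMarkerReplication")
        ET.SubElement(dm, "Status").text = "Disabled"
        flt = ET.SubElement(r, "Filter")
        ET.SubElement(flt, "Prefix").text = rule["prefix"]
        dest = ET.SubElement(r, "Destination")
        ET.SubElement(dest, "Bucket").text = destination_setting  # PLACEHOLDER
    return ET.tostring(root, encoding="utf-8", xml_declaration=True)


def build_write_acl(owner_id: str, user_id: str) -> bytes:
    """Return a PUT Bucket ACL body granting the bucket user WRITE only.

    The owner keeps FULL_CONTROL; the bucket user gets WRITE (object upload)
    and nothing more, which is all the synchronization workflow needs.
    """
    root = ET.Element("AccessControlPolicy", xmlns=S3_NS)
    owner = ET.SubElement(root, "Owner")
    ET.SubElement(owner, "ID").text = owner_id
    acl = ET.SubElement(root, "AccessControlList")
    for grantee_id, permission in ((owner_id, "FULL_CONTROL"), (user_id, "WRITE")):
        grant = ET.SubElement(acl, "Grant")
        grantee = ET.SubElement(
            grant, "Grantee", {"xmlns:xsi": XSI_NS, "xsi:type": "CanonicalUser"}
        )
        ET.SubElement(grantee, "ID").text = grantee_id
        ET.SubElement(grant, "Permission").text = permission
    return ET.tostring(root, encoding="utf-8", xml_declaration=True)


def replication_prefixes(body: bytes) -> list[tuple[str, str]]:
    """Parse a replication body back into (rule ID, prefix) pairs, in order."""
    ns = {"s3": S3_NS}
    root = ET.fromstring(body)
    return [
        (r.findtext("s3:ID", namespaces=ns), r.findtext("s3:Filter/s3:Prefix", namespaces=ns))
        for r in root.findall("s3:Rule", ns)
    ]


def acl_permissions(body: bytes) -> dict[str, str]:
    """Parse an ACL body back into {grantee ID: permission}."""
    ns = {"s3": S3_NS}
    root = ET.fromstring(body)
    return {
        g.findtext("s3:Grantee/s3:ID", namespaces=ns): g.findtext("s3:Permission", namespaces=ns)
        for g in root.findall("s3:AccessControlList/s3:Grant", ns)
    }


# Constructed sample values (not from the page): synchronize only the
# "invoices/" and "reports/" prefixes, and grant one bucket user WRITE.
SAMPLE_RULES = [
    {"id": "sync-invoices", "prefix": "invoices/", "priority": 1, "enabled": True},
    {"id": "sync-reports", "prefix": "reports/", "priority": 2, "enabled": True},
]
SAMPLE_DESTINATION = "PLACEHOLDER-remote-bucket-configuration"
SAMPLE_OWNER_ID = "PLACEHOLDER-bucket-admin-id"
SAMPLE_USER_ID = "PLACEHOLDER-bucket-user-id"  # value returned by the management API step

if __name__ == "__main__":
    print(build_replication_config(SAMPLE_DESTINATION, SAMPLE_RULES).decode())
    print(build_write_acl(SAMPLE_OWNER_ID, SAMPLE_USER_ID).decode())
```

The bodies are sent with the corresponding `PUT /?replication` and `PUT /?acl` requests against the HCP for cloud scale bucket using normal S3 request signing. Keeping the bucket user's grant to WRITE rather than FULL_CONTROL means that user can upload objects for synchronization but cannot alter the bucket's ACL or replication rules.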