Amazon S3 on Outposts supports sharing S3 capacity across multiple accounts within an organization by using AWS Resource Access Manager (AWS RAM). With S3 on Outposts sharing, you can allow others to create and manage buckets, endpoints, and access points on your Outpost.
This topic demonstrates how to use AWS RAM to share S3 on Outposts and related resources with another AWS account in your AWS organization.
PrerequisitesThe Outpost owner account has an organization configured in AWS Organizations. For more information, see Creating an organization in the AWS Organizations User Guide.
The organization includes the AWS account that you want to share your S3 on Outposts capacity with. For more information, see Sending invitations to AWS accounts in the AWS Organizations User Guide.
Select one of the following options that you want to share. The second resource (either Subnets or Outposts) must be selected so that endpoints are also accessible. Endpoints are a networking requirement in order to access data stored in S3 on Outposts.
Option 1 Option 2S3 on Outposts
Allows the user to create buckets on your Outposts and access points and to add objects to those buckets.
Subnets
Allows the user to use your virtual private cloud (VPC) and the endpoints that are associated with your subnet.
S3 on Outposts
Allows the user to create buckets on your Outposts and access points and to add objects to those buckets.
Outposts
Allows the user to see S3 capacity charts and the AWS Outposts console home page. Also allows users to create subnets on shared Outposts and create endpoints.
Sign in to the AWS Management Console by using the AWS account that owns the Outpost, and then open the AWS RAM console at https://console.aws.amazon.com/ram/home.
Make sure that you have enabled sharing with AWS Organizations in AWS RAM. For information, see Enable resource sharing within AWS Organizations in the AWS RAM User Guide.
Use either Option 1 or Option 2 in the prerequisites to create a resource share. If you have multiple S3 on Outposts resources, select the Amazon Resource Names (ARNs) of the resources that you want to share. To enable endpoints, share either your subnet or Outpost.
For more information about how to create a resource share, see Create a resource share in the AWS RAM User Guide.
The AWS account that you shared your resources with should now be able to use S3 on Outposts. Depending on the option that you selected in the prerequisites, provide the following information to the account user:
Option 1 Option 2The Outpost ID
The VPC ID
The subnet ID
The security group ID
The Outpost ID
The user can confirm that the resources have been shared with them by using the AWS RAM console, the AWS Command Line Interface (AWS CLI), AWS SDKs, or REST API. The user can view their existing resource shares by using the get-resource-shares CLI command.
Usage examplesAfter you have shared your S3 on Outposts resources with another account, that account can manage buckets and objects on your Outpost. If you shared the Subnets resource, then that account can use the endpoint that you created. The following examples demonstrate how a user can use the AWS CLI to interact with your Outpost after you share these resources.
Example : Create a bucketThe following example creates a bucket named amzn-s3-demo-bucket1 on the Outpost op-01ac5d28a6a232904user input placeholder
aws s3control create-bucket --bucket amzn-s3-demo-bucket1op-01ac5d28a6a232904For more information about this command, see create-bucket in the AWS CLI Reference.
Example : Create an access pointThe following example creates an access point on an Outpost by using the example parameters in the following table. Before using this command, replace these user input placeholder
111122223333example-outpost-access-pointop-01ac5d28a6a232904amzn-s3-demo-bucket1vpc-1a2b3c4d5e6f7g8h9The Account ID parameter must be the AWS account ID of the bucket owner, which is the shared user.
aws s3control create-access-point --account-id 111122223333 --name example-outpost-access-point \
--bucket arn:aws:s3-outposts:us-east-1:111122223333:outpost/op-01ac5d28a6a232904/bucket/amzn-s3-demo-bucket1vpc-1a2b3c4d5e6f7g8h9For more information about this command, see create-access-point in the AWS CLI Reference.
Example : Upload an objectThe following example uploads the file my_image.jpgimages/my_image.jpgexample-outpost-access-pointop-01ac5d28a6a232904111122223333user input placeholder
aws s3api put-object --bucket arn:aws:s3-outposts:us-east-1:111122223333:outpost/op-01ac5d28a6a232904/accesspoint/example-outpost-access-point \
--body my_image.jpg --key images/my_image.jpgFor more information about this command, see put-object in the AWS CLI Reference.
NoteIf this operation results in a Resource not found error or is unresponsive, your VPC might not have a shared endpoint.
To check whether there is a shared endpoint, use the list-shared-endpoints AWS CLI command. If there is no shared endpoint, work with the Outpost owner to create one. For more information, see ListSharedEndpoints in the Amazon Simple Storage Service API Reference.
Example : Create an endpointThe following example creates an endpoint on a shared Outpost. Before using this command, replace the user input placeholder
The user can perform this operation only if the resource share includes the Outposts resource.
aws s3outposts create-endpoint --outposts-id op-01ac5d28a6a232904 --subnet-id XXXXXX --security-group-id XXXXXXXFor more information about this command, see create-endpoint in the AWS CLI Reference.
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4