How to generate and manage EC2 credentials on EO-Lab
EC2 credentials are used for accessing private S3 buckets on EO-Lab FRA1-1 cloud. This article covers how to generate and manage a pair of EC2 credentials so that you will be able to mount those buckets both
on your virtual machines and
on your local computers.
Warning
A pair of EC2 credentials usually provides access to secret data so share it only with trusted individuals.
Prerequisites
No. 1 Hosting
You need a EO-Lab hosting account with access to Horizon interface: https://cloud.fra1-1.cloudferro.com/auth/login/?next=/
No. 2 OpenStack CLI client installed and configured
You need to have the OpenStack CLI operational.
First, it must be installed. You have several options, such as:
After that, you must configure it for access to your EO-Lab FRA1-1 cloud environment.
How to activate OpenStack CLI access to EO-Lab cloud
At this point, you should have access to the cloud environment, using the OpenStack CLI client, meaning the command openstack is operational.
Creating a pair of EC2 credentials
The command to create a pair of EC2 credentials may look like this:
openstack ec2 credentials create -c access -c secret
Parameter c is there to select which values to show. In this case, we show only access and secret, for example:
Save the values for access and secret keys in secure place, as you will certainly use or refer to them again.
Listing EC2 credentials
If you did save the values for access and secret in a file but that file got somehow inaccessible or lost, you do not have to generate a new key pair. List the existing EC2 credentials by executing the following command:
openstack ec2 credentials list -c Access -c Secret -f yaml
The output should contain the list of EC2 credentials:
The syntax is a bit different. Instead of lower case access and secret for a concrete pair of values, the list command uses capital letters for Access and Secret as there may be several key pairs stored in the system. In the image above, indeed there were several such pairs, however, those not of interest for this article were grayed out (for security reasons).
Deleting EC2 credentials
You can delete a pair of EC2 credentials if you want to, say, disable access of people with whom you shared it.
Before deleting, list all EC2 credentials, once again using command openstack ec2 credentials list from above.
Warning
The list command will show all EC2 pairs that exist in the system, so be careful what you choose, save and (possibly) delete!
After that, execute the following command (replace a1ad5502ca34471b96e563f8d779ddda with the access key from the key pair you wish to remove):
openstack ec2 credentials delete a1ad5502ca34471b96e563f8d779ddda
If the command was successful, the output should be empty:
To confirm, list EC2 credentials with openstack ec2 credentials list. The deleted key pair should no longer be on the list.
What To Do Next
EC2 credentials created in this article are used to access object storage buckets from EO-Lab FRA1-1 cloud. If you have not yet created any such buckets, visit this article to learn how to do it: How to use Object Storage on EO-Lab
Using a newly created pair of EC2 credentials, you can access buckets on different platforms, using different methods. The following articles contain more information: