Installation
See https://aws.amazon.com/cli/
On macOS or Linux: pip install awscli
Configuration
Configure the AWS CLI. The key values do not matter unless authentication is enabled on the server.
$ aws configure
AWS Access Key ID [None]: any
AWS Secret Access Key [None]: any
Default region name [None]: us-east-1
Default output format [None]:
Also, make sure to use AWS signature version 4:
$ aws configure set default.s3.signature_version s3v4
And configure the S3 endpoint:
export S3_ENDPOINT=http://localhost:8333
Reverse proxy sub-path configuration
This is undefined behavior, as AWS S3 servers always use sub-domains instead of sub-paths.
Use this only if you cannot create a (sub-)domain or use a different port!
The AWS CLI prepends the sub-path to the actual path, so you need to add the X-Forwarded-Prefix header (set to /s3, for example).
Example for Caddy web server
redir /s3 /s3/
handle_path /s3/* {
    reverse_proxy localhost:8333 {
        header_up X-Forwarded-Prefix /s3
    }
}
Execute commands
# list buckets
$ aws --endpoint-url $S3_ENDPOINT s3 ls
2019-01-02 01:59:25 newbucket
# list files inside the bucket
$ aws --endpoint-url $S3_ENDPOINT s3 ls s3://newbucket
2019-01-02 12:52:44 6804 password
# make a bucket
$ aws --endpoint-url $S3_ENDPOINT s3 mb s3://newbucket3
make_bucket: newbucket3
# add an object
$ aws --endpoint-url $S3_ENDPOINT s3 cp /etc/passwd s3://newbucket3
upload: ../../../../../etc/passwd to s3://newbucket3/passwd
# copy an object
$ aws --endpoint-url $S3_ENDPOINT s3 cp s3://newbucket3/passwd s3://newbucket3/passwd.txt
copy: s3://newbucket3/passwd to s3://newbucket3/passwd.txt
# remove an object
$ aws --endpoint-url $S3_ENDPOINT s3 rm s3://newbucket3/passwd
delete: s3://newbucket3/passwd
# remove a bucket
$ aws --endpoint-url $S3_ENDPOINT s3 rb s3://newbucket3
remove_bucket: newbucket3
Presigned URL
If authentication is enabled, a URL is not accessible without proper credentials. However, you can presign a URL and then access it without sending credentials.
# presign url, default to 1 hour
$ aws --endpoint-url $S3_ENDPOINT s3 presign s3://newbucket/t.txt
http://localhost:8333/newbucket/t.txt?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=some_access_key1%2F20200726%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20200726T161749Z&X-Amz-Expires=3600&X-Amz-SignedHeaders=host&X-Amz-Signature=e0cc153209e414ca8168661f57827aa03ab84e7041ef9270ff639bcc519d24f5
# access the url
$ curl "http://localhost:8333/newbucket/t.txt?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=some_access_key1%2F20200726%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20200726T161749Z&X-Amz-Expires=3600&X-Amz-SignedHeaders=host&X-Amz-Signature=e0cc153209e414ca8168661f57827aa03ab84e7041ef9270ff639bcc519d24f5"
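The Python sketch below is an added example, not code from SeaweedFS or the AWS CLI. It builds a SigV4 presigned GET URL shaped like the one above and re-checks it as a verifier would, showing that the signature binds the method, host, path and expiry, so the URL works for anyone who holds it until it expires. The secret key, function names and sample values are constructed for illustration.

```python
import hashlib, hmac
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qsl, quote, unquote, urlsplit

def _hmac(key, msg):
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()

def signature(secret, method, host, path, params):
    """SigV4 query-string signature with only the host header signed."""
    scope = params["X-Amz-Credential"].split("/", 1)[1]  # date/region/service/aws4_request
    query = "&".join(f"{quote(k, safe='')}={quote(v, safe='')}"
                     for k, v in sorted(params.items()) if k != "X-Amz-Signature")
    canonical = "\n".join([method, quote(path, safe="/"), query,
                           f"host:{host}\n", "host", "UNSIGNED-PAYLOAD"])
    to_sign = "\n".join(["AWS4-HMAC-SHA256", params["X-Amz-Date"], scope,
                         hashlib.sha256(canonical.encode()).hexdigest()])
    key = ("AWS4" + secret).encode()
    for part in scope.split("/"):  # derive the signing key one scope element at a time
        key = _hmac(key, part)
    return hmac.new(key, to_sign.encode(), hashlib.sha256).hexdigest()

def presign(access_key, secret, host, path, now, expires=3600, region="us-east-1"):
    stamp = now.strftime("%Y%m%dT%H%M%SZ")
    params = {"X-Amz-Algorithm": "AWS4-HMAC-SHA256",
              "X-Amz-Credential": f"{access_key}/{stamp[:8]}/{region}/s3/aws4_request",
              "X-Amz-Date": stamp, "X-Amz-Expires": str(expires),
              "X-Amz-SignedHeaders": "host"}
    params["X-Amz-Signature"] = signature(secret, "GET", host, path, params)
    query = "&".join(f"{k}={quote(v, safe='')}" for k, v in params.items())
    return f"http://{host}{quote(path, safe='/')}?{query}"

def verify(url, secret, method, now):
    """Recompute the signature from the request itself; return (ok, reason)."""
    u = urlsplit(url)
    params = dict(parse_qsl(u.query))
    signed_at = datetime.strptime(params["X-Amz-Date"], "%Y%m%dT%H%M%SZ")
    signed_at = signed_at.replace(tzinfo=timezone.utc)
    if now > signed_at + timedelta(seconds=int(params["X-Amz-Expires"])):
        return False, "expired"
    expected = signature(secret, method, u.netloc, unquote(u.path), params)
    if not hmac.compare_digest(expected, params["X-Amz-Signature"]):
        return False, "signature mismatch"
    return True, "ok"

# Constructed sample values, not real credentials.
NOW = datetime(2020, 7, 26, 16, 17, 49, tzinfo=timezone.utc)
URL = presign("some_access_key1", "constructed-secret", "localhost:8333", "/newbucket/t.txt", NOW)

if __name__ == "__main__":
    print(URL)
    print(verify(URL, "constructed-secret", "GET", NOW + timedelta(minutes=10)))
```

Because the URL alone is sufficient to read the object, keep the expiry short and keep presigned URLs out of logs and shared channels.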
Server-Side Encryption with AWS CLI
SSE-KMS
aws --endpoint-url $S3_ENDPOINT s3 cp file.txt s3://bucket/kms.txt \
  --sse aws:kms \
  --sse-kms-key-id "test-key-123"
SSE-C
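# Generate a 256-bit key as raw bytes (the AWS CLI base64-encodes the key itself,
# so the key file must not already be base64-encoded)
openssl rand -out key.bin 32
aws --endpoint-url $S3_ENDPOINT s3 cp file.txt s3://bucket/ssec.txt \
  --sse-c AES256 \
  --sse-c-key fileb://key.bin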
SSE-S3 (Server-managed)
aws --endpoint-url $S3_ENDPOINT s3 cp file.txt s3://bucket/sse-s3.txt \
  --sse AES256
OIDC/JWT to S3
For Keycloak and other OIDC providers, you can obtain a JWT and access S3 directly (or use STS to assume a role). See OIDC Integration.
STS (Security Token Service)
Get Caller Identity
Verify your credentials and see who you are authenticated as:
aws --endpoint-url $S3_ENDPOINT sts get-caller-identity
Get Federation Token
Obtain temporary credentials scoped down with an optional session policy (only long-term IAM users can call this):
aws --endpoint-url $S3_ENDPOINT sts get-federation-token \
  --name my-session \
  --duration-seconds 3600
With an inline session policy to restrict permissions:
aws --endpoint-url $S3_ENDPOINT sts get-federation-token \
  --name my-session \
  --policy '{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Action":"s3:GetObject","Resource":"arn:aws:s3:::my-bucket/*"}]}'
For AssumeRole and AssumeRoleWithWebIdentity, see OIDC Integration.