S3 Protocol Configuration

Configure the Gateway as described in https://perifery.atlassian.net/wiki/spaces/public/pages/2443810201/Gateway+Configuration?search_id=34739298-d9cd-4317-82d1-7c0b503af387 and then perform these additional steps to use the S3 front-end protocol:

1. Verify the Swarm storage configuration settings (https://perifery.atlassian.net/wiki/spaces/public/pages/2443810131) is correct, which is required for S3 clients to perform actions such as bucket deletion.

2. Edit the gateway.cfg file for S3 use:

   1. Enable the S3 front-end protocol in the [s3] section.

   2. Define indexerHosts for at least one indexer server in the [storage_cluster] section.

3. Create one or more authentication tokens for each S3 client.

When the S3 front-end protocol is in use, the Gateway must be able to query the Swarm Elasticsearch metadata index servers directly. Include as many metadata index servers as needed in the indexerHosts parameter to spread the load and provide fail-over in case one becomes unavailable.

The S3 protocol uses a shared secret key known to the client and the Gateway to provide request validation. The client creates an HMAC signature for every authenticated request and the Gateway must independently recreate the signature to validate the request. The AWS S3 access key and secret key are implemented with Gateway's token-based authentication (https://perifery.atlassian.net/wiki/spaces/public/pages/2443822820#S3ProtocolSpecialTopics-tokens).