Getting Started
Customers may access buckets through a DNS-style or virtual host interface, as well as through the web GUI:
- DNS-style interface: https://$bucketname.$endpoint/$path/
- Virtual host interface: https://$endpoint/$bucketname/$path
- https://lyve.seagate.com/signin
Where $endpoint is: s3.lyve.seagate.com
Lyve Cloud Object Storage supports access only on port 443, using TLS v1.2 or later.
Roles and types (account identities)
There are three distinct roles for those who access the Lyve Cloud Object Storage:
Role |
Description |
---|
Admin |
Can manage users and policies, with the exception of the root account. |
Root |
The initial and main identity of the customer account. Direct customer root identities can also create access/secret key pairs for access. The root account cannot be deleted. |
User |
Can perform operations on buckets according to the policies that are attached. A user can change their own password and create access/secret key pairs for access. |
The root identity is assigned to the owner of the customer account.
Access and configuration
To access the account, use the following URL: https://lyve.seagate.com/signin.
If resetting the password, the user must wait one minute before repeating a password reset request. No error is returned if the user does not respect the minimum interval between requests.
Once logged in, you can go to the account page to configure multifactor authentication (MFA), change the account password, and generate access/secret keys. To access the account page, select your profile in the upper right corner of the navigation bar, and then select My Account.
Create a bucket
Each bucket is a container for objects. To create a bucket, complete the following steps.
- Select Buckets in the top navigation bar.
- Click on the Add Bucket icon in the upper right corner.
- In the dialog, enter the required information. Select the sites where your bucket will be replicated.
If this option is not available, contact your admin as they may have disabled this setting.
- Using access mode, buckets can be set as 'Private', 'Public', or 'Custom'. Check the boxes for the permissions that you want to provide. All new buckets are private by default.
The format for accessing a public bucket is: https://bucketname.endpoint/path where there is case sensitivity in the letters. Such as:
https://samplefiles.s3.us-west-1.sv15.lyve.seagate.com/Sample.jpeg
All new buckets are private by default. Granting public access permissions means that anyone can access files in the bucket.
To change the access mode for an existing bucket:
- Select Buckets in the top navigation bar.
- Select the Wrench icon in the 'Actions' column and select an access mode.
Delete a bucket
To delete a bucket, typically you have to empty all of its objects and folders, and then delete all of its associated policies. Lyve Cloud Object Storage offers an option to delete the bucket and all of its contents.
To delete a bucket:
- Select Buckets in the top navigation bar.
- In the 'Actions' column, select the Trash icon.
- Use the dropdown menu to select your delete option. If you delete a bucket and all of its contents, do not close or refresh your browser while operations are in progress. Note that the command may need to be run several times.
Create users
To create a new user:
- Select Users in the menu bar, and then select the Add icon.
- Enter the email address you want to give access to. The email address is not validated. It's only used for login purposes or to send password reset links.
- Select Create User.
- On the Users page, select the user's email to edit their permissions.
A notification is not sent to the user automatically. The user must be notified separately. In the case of a password reset, you can send a reset link to the email used in the account credentials.
Create policies
To create policies in your bucket:
- Select Policies in the top navigation menu.
- Select the Create Policies button in the top right corner.
- Enter a name and description for your new policy.
- Select a bucket under the naming schema, and then select the permissions to apply to that bucket.
- Select Save.
Generate access keys
It is important to note the following about access keys.
- A root user without an {AccessKeyID, SecretAccessKey} pair cannot generate a presigned link. The request will not send a valid credentials object and will fail.
- The current user cannot generate a presigned link without an {AccessKeyID, SecretAccessKey} pair.
- The root user of an account does not have an {AccessKeyID, SecretAccessKey} pair generated for them by default.
To create application credentials (access/secret key pairs) for the account:
- Using the web GUI, select your name in the upper right corner, and then select My Account.
- Select + GENERATE KEY in the bottom right corner.
- Download the CSV key and manage as you normally would, such as with a password manager.
- Once downloaded, use your favorite .CSV compatible application (Excel, Google Sheets, Numbers) to view the contents. For a onetime view, select the Eye icon for the secret key.
Note that multiple key pairs may be created for an account.
Set up multifactor authentication
To set up multifactor authentication:
- Using the web GUI, select your name in the upper right corner, and then select My Account.
- Select ENABLE 2FA.
- A dialog appears displaying a QR code and a secret key. Most MFA apps will ask you to scan the QR code to confirm the setup. The MFA app will then provide a token that needs to be entered into the available space below the QR code.
- Once the setup is complete, a number of recovery keys will be given in case you lose access to your MFA device. Make sure to copy these and keep them in a safe place. This will be the only way to recover your locked account.
IP Protect
IP Protect is a feature that enables granular whitelisting to resources for customer users. It allows you to explicitly ensure that only a specific IP address or range of IP addresses has access to a specific resource.
- You can remove all restrictions by using 0.0.0.0/0 as the whitelisted IP address.
- IP Protect currently works with IPv4 and is not designed for IPv6.
To access IP Protect:
- In the web GUI, use the dropdown menu in the top navigation bar to select the customer account.
- Select ADD RULE.
Requests from a customer account will require approval from the reseller administrator.