SAVE AS PDF
Cloud Import Service User Manual & Reference Guide
Cloud Import Service 

Was this content helpful?

OPEN MENU CLOSE MENU

Import to Amazon S3

Prerequisites

Before you can configure and submit your import plan, make sure to complete the following steps so that Lyve Import Service can securely access your specified Amazon S3 bucket to import your data.

AWS subscription—Set up an AWS account.

Amazon S3 bucket—Set up a dedicated bucket for your import. To learn more, see Creating a bucket.

Seagate authorizations—Create an IAM role and supporting policy. To learn more, see Providing access to AWS accounts owned by third parties.

Seagate requires the following permissions to perform the import:

  • s3:AbortMultipartUpload
  • s3:CreateBucket
  • s3:DeleteObject
  • s3:GetAccelerateConfiguration
  • s3:GetBucketLocation
  • s3:GetObject
  • s3:GetObjectAttributes
  • s3:ListBucket
  • s3:ListBucketMultipartUploads
  • s3:ListMultipartUploadParts
  • s3:PutObject
 Important—Failure to grant Seagate the permissions above will result in a failed import plan.

Recommendations

Seagate strongly recommends the following best practices:

  • Create a bucket dedicated to your Lyve Import project.
  • Block all public access for your bucket.
  • Ensure bucket versioning is disabled.
  • Ensure server-side encryption is enabled.
  • Create an IAM Permission Policy.
  • Create an IAM Role trusting Lyve Import Service, attaching the IAM policy you created.
  • Disable or delete the role after the cloud import project has ended.
  • Disable or delete the policy after the cloud import project has ended.

Amazon IAM Permission Policy example

{ 
    "Version": "2012-10-17", 
    "Statement": [ 
        { 
            "Sid": "LyveMobilePolicyTemplate", 
            "Effect": "Allow", 
            "Action": [ 
                "s3:PutObject", 
                "s3:GetObject", 
                "s3:ListBucketMultipartUploads", 
                "s3:AbortMultipartUpload", 
                "s3:GetObjectAttributes", 
                "s3:CreateBucket", 
                "s3:ListBucket", 
                "s3:GetAccelerateConfiguration",
                "s3:DeleteObject", 
                "s3:GetBucketLocation",
                "s3:ListMultipartUploadParts"  
            ], 
            "Resource": [ 
                "arn:aws:s3:::{bucketname}", 
                "arn:aws:s3:::{bucketname}/*"
             ]
         }   
     ]
 }

Complete the prerequisites

Gather information

  1. Click Import Plans in the navigation bar. In the Import Plans table, locate the project that you would like to configure the plan for and click the Configure Plan button in the Actions column. Note—If you requested a quote or submitted a deal, you will be able to configure the plan once your project is approved and active.

    2. The plan confirguration wizard appears:

  2. Copy the required information, taking note of Lyve’s S3 Account ID and the External ID. You will need these in the steps that follow. (If you need to update the import destination first, click on the Import Destination step and edit.)

Create an IAM Permission Policy on your bucket

  1. Log in to your AWS Console.
  2. Enter the IAM service.

  3. Select Policies.

    4. Click the Create policy button.

  4. Click on the JSON tab.

  5. Copy the provided JSON script below:
{ 
    "Version": "2012-10-17", 
    "Statement": [ 
        { 
            "Sid": "LyveMobilePolicyTemplate", 
            "Effect": "Allow", 
            "Action": [ 
                "s3:PutObject", 
                "s3:GetObject", 
                "s3:ListBucketMultipartUploads", 
                "s3:AbortMultipartUpload", 
                "s3:GetObjectAttributes", 
                "s3:CreateBucket", 
                "s3:ListBucket", 
                "s3:GetAccelerateConfiguration",
                "s3:DeleteObject", 
                "s3:GetBucketLocation",
                "s3:ListMultipartUploadParts" 
            ], 
            "Resource": [ 
                "arn:aws:s3:::{bucketname}", 
                "arn:aws:s3:::{bucketname}/*"
             ]
         }   
     ]
 }
  1. Paste the copied text into the JSON editor.
  2. Replace {bucketname} with the name of the bucket you want to import your data to.
  3. Click the Next: Tags button.
  4. Add tags (optional) and click the Next: Review button.
  5. On the Review policy page, name the policy LyveMobileAccessPolicy.

  6. .Click Create policy

Create an IAM role trusting Lyve Import Service

  1. In the sidebar, click Roles. Click the Create role button.

  2. On the Select trusted entity page, select Custom trust policy.

  3. Copy the provided trust policy below:

    4. { 
	"Version": "2012-10-17",
	"Statement": [
		{
			"Effect": "Allow",
			"Principal": {
				"AWS": "arn:aws:iam::{accountid}:root"
			},
			"Action": "sts:AssumeRole",
			"Condition": {
				"ForAnyValue:StringEqualsIfExists": {
					"sts:ExternalId": [
						"{externalid}"
					]
				}
			}
		}
	]
}

  4. Paste the copied text into the JSON editor.
  5. Replace {accountid} with the value you copied for Lyve’s S3 Account ID. Replace {externalid} with the value you copied for External ID.
  6. On the Add permissions page, add the LyveMobileAccessPolicy you created earlier and click Next.

    7. If you have multiple import plans to configure, add the external ID for each plan separated with a comma (,). For example:

    { 
	"Version": "2012-10-17",
	"Statement": [
		{
			"Effect": "Allow",
			"Principal": {
				"AWS": "arn:aws:iam::{accountid}:root"
			},
			"Action": "sts:AssumeRole",
			"Condition": {
				"ForAnyValue:StringEqualsIfExists": {
					"sts:ExternalId": [
						"{firstexternalid}",
    						"{secondexternalid}",
    						"{thirdexternalid}"
					]
				}
			}
		}
	]
}

  7. Click Next to exit the JSON editor.
  8. On the Add permissions page, add the LyveMobileAccessPolicy you created earlier and click Next.

  9. On the Name, review, and create page, enter a Role name, for example, LyveMobileAccessRole.

  10. Review the trusted entity and permissions information:

Ensure the following

  1. “AWS” is paired with the value you copied for Lyve’s S3 Account ID.
  2. “sts:ExternalID” is paired with the value you copied for External ID.
  3. The Policy name is the LyveMobileAccessPolicy you created earlier.

Configure your import plan

After you’ve completed the prerequisites, continue to the next step to enter your access details.

 You must successfully validate your access details and submit your plan before your return shipping label(s) are available for you to download.

Review access details

  1. In Lyve Management Portal, click Import Plans. Click Configure Plan next to an Amazon S3 cloud destination.

  1. Confirm that you’ve completed the prerequisites and click Next.

  1. Enter access details:

  1. Enter your AWS account ID.
  2. Enter your bucket name. The name is case-sensitive and must match exactly.
  3. Confirm the name of the IAM role you created in the prerequisite steps.
  4. Confirm the External ID you created in the prerequisite steps.
  5. (Optional) Enter a name for your folder.
 Each storage device in your project will have a designated folder in your bucket. The device’s serial number will be automatically appended to the folder name at the time of import.

  • Provide a name for Seagate to use to create the folder(s) in your bucket on your behalf. (Recommended)

  • If you leave this field blank, Seagate will create a folder(s) for your files and will use the device’s serial number as its name.

  • Alternatively, if you have an existing folder within your bucket that you would like to import your files to, provide the name of this folder

  • Important—Make sure that your bucket policy does not block folder creation. If you are providing a name for a new folder to be created, ensure that the name follows the Naming Guidelines.

 

  1. Click Validate.
 If the validation fails, check your AWS account ID, bucket name, IAM permission policy, and IAM role, and then revalidate.
  1. Click Next.

Review and submit your import plan

  1. Review your import destination and access details. If you need to make any changes, click the Edit icon.
  2. Check the box to confirm that you’ve read and understand the information in this reference guide.
  3. Click Submit Plan.

Inviting another user to configure an import plan

 

If a different member of your organization needs to configure the import plan for a project, you can invite them to do so in Lyve Management Portal. See Invite Another User to Configure an Import Plan.

Naming guidelines

 Folder names cannot contain forward slash / characters.
Safe characters 
Alphanumeric characters 
0-9 numerals
a-z lowercase letters
A-Z uppercase letters
Special characters
* asterisk
! exclamation point
- hyphen
( parenthesis (open)
) parenthesis (close)
. period
' single quote
_ underscore

 

Characters to avoid 
& ampersand
  ASCII characters
  • ASCII ranges 00–1F hex (0–31 decimal) and 7F (127 decimal)
  • non-printable ASCII (128–255 decimal characters)
@ at sign
\ backslash
^ caret
: colon
, comma
{ curly brace (left)
} curly brace (right)
$ dollar sign
= equal sign
/ forward slash
` grave
< greater-than symbol
> less-than symbol
% percent sign
| pipe or vertical bar
+ plus sign
# pound character
? question mark
" quotation mark
; semi-colon
  space - sequences with spaces, especially multiple spaces, may be lost
[ square bracket (left)
] square bracket (right)

Best practices

See the following knowledge base articles:

Troubleshooting

See the following knowledge base article:

Cloud Import Service User Manual & Reference Guide

Click here to access an up-to-date online versionof this document. You will also find the most recent content as well as expandable illustrations, easier navigation, and search capability.