How to generate and manage EC2 credentials on WEkEO Elasticity

EC2 credentials are used for accessing private S3 buckets on WEkEO Elasticity WAW3-1 cloud. This article covers how to generate and manage a pair of EC2 credentials so that you will be able to mount those buckets both

  • on your virtual machines and

  • on your local computers.

Warning

A pair of EC2 credentials usually provides access to secret data so share it only with trusted individuals.

Prerequisites

No. 1 Hosting

You need a WEkEO Elasticity hosting account with access to Horizon interface: https://horizon.cloudferro.com

No. 2 OpenStack CLI client installed and configured

You need to have the OpenStack CLI operational.

First, it must be installed. You have several options, such as:

After that, you must configure it for access to your WEkEO Elasticity WAW3-1 cloud environment. See /gettingstarted/How-to-activate-OpenStack-CLI-access-to-WEkEO-Elasticity-cloud-using-one-or-two-factor-authentication

At this point, you should have access to the cloud environment, using the OpenStack CLI client, meaning the command openstack is operational.

Creating a pair of EC2 credentials

The command to create a pair of EC2 credentials may look like this:

openstack ec2 credentials create -c access -c secret

Parameter c is there to select which values to show. In this case, we show only access and secret, for example:

../_images/generate_credentials.png

Save the values for access and secret keys in secure place, as you will certainly use or refer to them again.

Listing EC2 credentials

If you did save the values for access and secret in a file but that file got somehow inaccessible or lost, you do not have to generate a new key pair. List the existing EC2 credentials by executing the following command:

openstack ec2 credentials list -c Access -c Secret -f yaml

The output should contain the list of EC2 credentials:

../_images/several_ec2_pairs.png

The syntax is a bit different. Instead of lower case access and secret for a concrete pair of values, the list command uses capital letters for Access and Secret as there may be several key pairs stored in the system. In the image above, indeed there were several such pairs, however, those not of interest for this article were grayed out (for security reasons).

Deleting EC2 credentials

You can delete a pair of EC2 credentials if you want to, say, disable access of people with whom you shared it.

Before deleting, list all EC2 credentials, once again using command openstack ec2 credentials list from above.

Warning

The list command will show all EC2 pairs that exist in the system, so be careful what you choose, save and (possibly) delete!

After that, execute the following command (replace a1ad5502ca34471b96e563f8d779ddda with the access key from the key pair you wish to remove):

openstack ec2 credentials delete a1ad5502ca34471b96e563f8d779ddda

If the command was successful, the output should be empty:

../_images/removed_ec2_empty.png

To confirm, list EC2 credentials with openstack ec2 credentials list. The deleted key pair should no longer be on the list.

What To Do Next

EC2 credentials created in this article are used to access object storage buckets from WEkEO Elasticity WAW3-1 cloud. If you have not yet created any such buckets, visit this article to learn how to do it: How to use Object Storage on WEkEO Elasticity

Using a newly created pair of EC2 credentials, you can access buckets on different platforms, using different methods. The following articles contain more information: