- Notes, cautions, and warnings
- S3
- Amazon S3 API support in ECS
- S3 API supported and unsupported features
- Bucket policy support
- Object Tagging
- S3 Object Lock
- Object lifecycle management
- S3 Extensions
- Metadata Search
- S3 and Swift Interoperability
- Create and manage secret keys
- Authenticating with the S3 service
- Using s3curl with ECS
- Use SDKs to access the S3 service
- ECS S3 error codes
- Hadoop S3A for ECS
- Enabling data2 IP in ECS S3
- Cloud DVR
- ECS IAM for S3
- OpenStack Swift
- EMC Atmos
- CAS
- Setting up CAS support in ECS
- Cold Storage
- Compliance
- CAS retention in ECS
- Advanced retention for CAS applications: event-based retention, litigation hold, and the min/max governor
- Set up namespace retention policies
- Create and set up a bucket for a CAS user
- Set up a CAS object user
- Set up bucket ACLs for CAS
- ECS Management APIs that support CAS users
- Content Addressable Storage (CAS) SDK API support
- ECS CAS error codes
- Enabling data2 IP in CAS
- ECS Management REST API
- ECS HDFS
- ECS HDFS Introduction
- Configuring Hadoop to use ECS HDFS
- Hadoop authentication modes
- Migration from a simple to a Kerberos Hadoop cluster
- File system interaction
- Supported Hadoop applications
- Integrate a simple Hadoop cluster with ECS HDFS
- Install Hortonworks HDP using Ambari
- Create a bucket for HDFS using the ECS Portal
- Plan the ECS HDFS and Hadoop integration
- Obtain the ECS HDFS installation and support package
- Deploy the ECS HDFS Client Library
- Configure ECS client properties
- Set up Hive
- Verify Hadoop access to ECS
- Secure the bucket
- Relocate the default file system from HDFS to an ECS bucket
- Integrate a secure Hadoop cluster with ECS HDFS
- Verify that AD/LDAP is correctly configured with a secure Hadoop cluster
- Pig test fails: unable to obtain Kerberos principal
- Permission denied for AD user
- Permissions errors
- Failed to process request
- Enable Kerberos client-side logging and debugging
- Debug Kerberos on the KDC
- Eliminate clock skew
- Configure one or more new ECS nodes with the ECS service principal
- Workaround for Yarn directory does not exist error
- Set up the Kerberos KDC
- Configure AD user authentication for Kerberos
- Secure bucket metadata
- Hadoop core-site.xml properties for ECS HDFS
- Hadoop core-site.xml properties for ECS S3
- External key management
- Document feedback
ECS 3.6.2 Data Access Guide
ECS IAM limitations on entities and objects
ECS IAM has certain limitations on its resources such as naming the entities, characters to be used for the identities, number of policies to be attached to an entity, and the number of resources that can be linked to an entity.
NOTE: Paths are not supported for IAM entities.
ECS IAM entity name limits
| Resource | Limits |
|---|---|
| Names of users, groups, roles, and managed policies |
NOTE: These names are case insensitive.
|
| Inline policy names |
|
| Policy documents | Can contain these Unicode characters: horizontal tab (U+0009), linefeed (U+000A), carriage return (U+000D), and characters in the range from U+0020 to U+00FF. |
ECS IAM entity object limits
| Resource | Limit |
|---|---|
| Users in a namespace | 500 |
| Groups in a namespace | 100 |
| Roles in a namespace | 200 |
| Customer-managed policies in a namespace | 500 |
| ECS IAM users in a group | Equal to user quota in namespace |
| Managed policies that are attached to an ECS IAM group | 10 |
| Managed policies that are attached to an ECS IAM role | 10 |
| Managed policies that are attached to an ECS IAM user | 10 |
ECS IAM entities limits
| Resource | Limit |
|---|---|
| Access keys that are assigned to an ECS IAM user | 2 |
| Access keys that are assigned to the namespace root user | 2 |
| Groups an ECS IAM user can be a member of | 10 |
| Identity providers (IdPs) associated with an ECS IAM SAML provider object | 1 |
| Keys per SAML provider | 1 |
| Permissions boundaries for an ECS IAM user | 1 |
| Permissions boundaries for an ECS IAM role | 1 |
| SAML providers in an AWS account | 10 |
| Tags that can be attached to an ECS IAM user | 50 |
| Tags that can be attached to an ECS IAM role | 50 |
| Versions of a managed policy that can be stored | 5 |
ECS IAM entity character limits
| Description | Limit |
|---|---|
| Path | Only the character slash (/) is supported. |
| User name | 64 characters |
| Group name | 128 characters |
| Role name | 64 characters |
| Tag key | 128 characters |
| Tag value | 256 characters
NOTE: Tag values can be empty. That is, tag values can have a length of 0 characters.
|
| Unique IDs created by ECS IAM | 128 characters |
| Policy name | 128 characters |
| Role trust policy JSON text (the policy that determines who is allowed to assume the role) | 2,048 characters |
| Role session name | 64 characters |
| Max role session duration | 12 hours |
| For inline policies | You can add as many inline policies as you want to an IAM user, role, or group. But the total aggregate policy size (the sum size of all inline policies) per entity cannot exceed the following limits:
NOTE: IAM does not count white space when calculating the size of a policy against these limitations.
|
| For managed policies |
NOTE: IAM does not count white space when calculating the size of a policy against these limitations.
|
| For session policies |
|
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please provide ratings (1-5 stars).
Please select whether the article was helpful or not.
Comments cannot contain these special characters: <>()\