S3 Bucket Questions
Hi,
We want to use S3 as repository so have the following questions.
- All business data must be encrypted please let us know what type of s3 bucket encryption you want to use - client side / server side?
- Specific policy requirements - i.e KMS Server Side Encryption
- Does the bucket need versioning?
- Does the bucket need logging?
- Does the bucket need replication? If it does, are there any specific requirements for the replication bucket?
- Lifecycle rules:
- When should objects in the bucket be moved into a different storage type or deleted?
- Does the same rules apply to the replica bucket?
Can someone please provide feedback on the above questions? When creating repository within Pega, we configure bucket name and AWS keys. Is the all needed for Pega irrespective of how the bucket has been set-up in Amazon?
Regards,
Bharat
Pegasystems Inc.
IN
Hi,
To answer first question AWS key is optional, as AES encryption is used by amazon for all files which are kept in S3
Versioning is also based on your design. If you choose to use versioning only the modified part goes to the newer version
Logging is gives you details about the activity performed on S3, so if you want to keep track of activities then it would be helpful
Duplicate buckets would not be needed as Amazon has some 99% durability, so you data should be safe
If you define lifecycles then the data saved in S3 would be following its timeline, so it completely up to your design and maintenance requirement
Based on your lifecycle design, the data which is no longer in use can be moved to other storage type glaciers
Replica buckets will have there own lifecycle, so you can define them explicitly.
Hope this helps
Thank You
Accenture
GB
Thanks Shekar, I also wanted to know if all that Pega is need is just the Bucket Name, Root Path, Access Key id and Secret Access Key irrespective of how the bucket has been configured on s3 side?
Regards,
Bharat
Updated: 20 Jun 2018 10:03 EDT
Pegasystems Inc.
IN
Apart from what you have mentioned, storage/class/pegacloudfilestorage:/kmsencryptionkeyid is also needed.
Thank You
Accenture
GB
Thanks, why do i need this key id? When configuring the repository rule in Pega, there is no mention of kmsencryptionkeyid. If Bucket uses KMS Keys for encrpytion, when i upload/download the artifacts from repository, how does this feature work with KMS encrypted buckets?
Pegasystems Inc.
IN
Not really sure maybe for pega cloud customer we provide this as JVM argument, if you using Pega cloud then you can get this clarity from Cloud team. I do see this looks like an optional parameter, little different variant of your query but should answer for initial query
https://collaborate.pega.com/question/how-map-directory-path-file-listeners-pega-cloud
Thank You
Accenture
GB
Thanks Shekar. Does S3 Repository in Pega 7.3.1 support KMS encrypted buckets? What extra steps should be configured in Pega in order for us to import/export Pega artefacts into S3 bucket?
Regards,
Bharat
Pegasystems Inc.
IN
Yes pega supports KMS encrypted bucket.
Also you need SFTP configured for using S3 bucket if you using Pega cloud. For all this I guess you would need to raise a cloud ticket with pega.
Thank You