How to obtain eodata S3 keys through My DataLake Services

S3 is an object storage service with which you can retrieve data over HTTPS using REST API. To use it, one must have a pair of credentials called secret and access keys. In this article, you will be able to generate these keys through My DataLake Services.

Prerequisites

No. 1 Account

You need a profile on My DataLake Services: How to create a profile on My DataLake Services.

No. 2 Administrative privileges within a project

You need to be a member of a project and have administrative privileges in it. That project must be accepted by an operator of My DataLake Services.

To learn how to create a project, check How to create a project on My DataLake Services.

Alternatively, you can join an existing project and its admin can grant you admin privileges.

Available S3 keys in My DataLake Services

Generally speaking, S3 keys can be used to access

EO data

from Copernicus or other satellites

object storage data

from containers in the cloud, for instance, in an OpenStack environment.

In My DataLake Services, there are services for both of these data types – they are called eodata and s3-object-storage, respectively.

You can use only one or the other, or you can use both at the same time. In this article, we present working with eodata service only.

Get access and quota for eodata

Assuming this is the very first time you are asking for roles and quotas, the general situation will be like this:

../../_images/new-s3cmd-download-12-v3.png

You were given basic access to hda service automatically.

Click on Request access in the first row, requesting access to eodata.

Access roles

For eodata, there is only one access role:

eodata-basic

Access to EOData repository.

Access to S3 Keys Manager for the user.

Although there is only one, you still have to click on Select role circle.

../../_images/new-s3cmd-download-13-cut.png

It is mandatory to enter text into field Description of planned activities.

Once you click on button Request role, another part of the screen scrolls up, this time to request quota role.

Quota roles

For eodata, there is only one quota role:

eodata-low

Basic quota for S3 access to EOData repository. Monthly transfer 12 TB.

../../_images/new-s3cmd-download-14_cut.png

Again, although there is only one, you still have to click on Select role circle.

It is mandatory to enter text into field Description of planned activities.

Finish with clicking on Request role and you will see a list of your requests.

In this example, there are only these two for eodata:

../../_images/new-s3cmd-download-15_cut.png

You can initiate role requests for other services – hda, hook etc. Once you finish requesting them, they will all be shown together as PENDING.

Operator approval

The next phase is waiting for the DEDL operator to approve (or disapprove) your requests. When approved, you will see it in the list of Active roles.

List active roles

With option Access -> Active roles from the left side menu, you can see the existing active roles. Here is the situation in which there are active roles for both eodata and s3-object-storage:

../../_images/new-s3cmd-download-64.png

List role requests

Another option, Role requests shows the history of requested roles. Here is a situation in which all access and quota roles have been approved by the operator, for eodata and s3-object-storage:

../../_images/new-s3cmd-download-62.png

Click on Details button to see the exact details of, say, eodata-basic role:

../../_images/new-s3cmd-download-68.png

Getting S3 keys for eodata

Click on main menu option Access -> EO Data S3 keys and then on button Generate S3 key.

../../_images/new-s3cmd-download-65.png

The procedure of generating S3 key for eodata has two parts:

  1. Define expiration date for the keys

  2. Create and store the generated key pair.

A modal window to define the expiration date of the S3 credentials that will be generated.

../../_images/s3cmd-download-36-v2.png

Enter the data directly in format DD/MM/YYYY or click on calendar icon to the right and enter the data with mouse clicks:

../../_images/new-s3cmd-download-66.png

Enter any date you want and confirm. The values of secret and access key now show up:

../../_images/s3cmd-download-37-v2.png

As is usual in these situations, secret key will be shown only this time, so you better copy and store it in a safe place. Access key will be visible later on, so not much precautions are needed here.

../../_images/s3cmd-download-38-v2.png

After saving, you see the list of existing S3 keys to access eodata (currently, there is only one).

How to delete the existing S3 EODATA key pair

You can have several eodata S3 keys at any time. If you know you do not need one (or want to exterminate that S3 pair specifically), there is the Delete button.

After click on Delete, you will have to confirm:

../../_images/new-s3cmd-download-46.png

Warning

Deleting a pair here is just one click away but beware: all the code using the deleted key pair to access EODATA will stop working until you provide another valid S3 key pair!

Can you change roles for eodata service

It is possible to change the role you already have for another one that is available for the service. If there was only one role to start with, it is not possible to change it for something else.

Click on Role requests to see the list of active services and then on button Edit access for eodata row:

../../_images/change-eodata-role--1.png

This is the message you will get:

../../_images/change-eodata-role--2.png

For eodata service, there was only one access role and only one quota role, therefore, there are no other options to choose from.

How to remove access to a service on My DataLake Services

Once you are approved for access to a service, there is no option within My DataLake Services application to stop being attached to that service. You will have to ask Support for changes of that type.

Similarly, if you want to stop being an owner of a My DataLake Services account, ask the same Support to delete it for you.