You will only need to use these access credentials once, during the set up of Yarkon, as described later on in this guide.
We start with creating the policy:
Important: The above policy allows full access to all buckets. If you want to limit access to specific buckets, change the Resource lines.
For instance, if you want to allow access to the buckets yarkons3-finance and yarkons3-sales, change the policy to the following:
Next, we need to create a user.
Browse to the Admin Console of Yarkon Cloud, using https://ce-wasabi.yarkons3.com. As this is the first time you are accessing the service, use the Sign Up Now! link, next to the Login Now button.
The set up is a wizard like step-by-step user experience that will guide you through the steps required to set your company up with a Yarkon subscription.
Go through the Welcome screen and click the Next button to proceed. In the Contact Details put in your contact and the email address you’d like to associate with this account. Note that Yarkon uses your email as a uniquely identifying username for logging in to the system. When your user account is created, a temporary password will be generated for you by the system, and will be sent to this email address, so make sure to use a valid one.
Next, you tell Yarkon how to access your Wasabi Account.
In the Access Keys form, enter the API Access Keys you created before and downloaded into the CSV file. You can optionally use the Validate button to verify that the access keys you entered could be used by Yarkon. If the keys are invalid for whatever reason, Yarkon will provide feedback to help you resolve the issue.
Choose the Security Model you would like to use. For more details, please review this document. If you are just starting with IAM, it is recommended you’d start with the simpler Shared Security Model. You can always change it later – see the document on how to set up Yarkon Cloud for integrated security.
If you choose the Integrated Security Model, you will have to choose the IAM role you would use for this IAM integration from the drop-down. For more details, please review the aforementioned document, and specifically the section describing how to create a role. The easiest way to ensure the API Access keys you use here have sufficient permissions for this IAM integration, is to attach the policy you created for the role to these keys (specifically, the required IAM permission is ListRoles).
When you are done with the keys, move to the next step – S3 Region – and choose from the drop-down the region you use. While the Yarkon client application would work with any region choice you make here, it is preferable to choose the region where most of your buckets are hosted. If you are unsure, use the default which is US Standard.
The final step of the process is used for verification. Review the details displayed to ensure all are correct. If you want to make changes, you can use the Update button available for each section. When done, click the Done button to have the system proceed to create your administrator user account and set up Yarkon for your Wasabi account.
The system might take a moment to complete the registration after going through some back-end validation process. After it completes, it will send an email with your login credentials to the address you entered before.
Use the temporary password sent to you by email to login to Yarkon for the first time. The system will prompt you to replace the automatically generated temporary password with whichever password you choose.
Note that the same password is used to log in to the Yarkon client application.
Next, add end user account. Use the Users section from the left navigation pane, then click the Add button and fill in the details of each user. When using the Shared Security Model, as we do in this guide, there is no need to specify anything IAM related. When using the Integrated Security Model, you will have to specify the user name, group or role through which permissions are granted.
When a user is added to Yarkon, a temporary password would be automatically generated for the user by the system, and sent to the user by email. This email will include the full details on how to log in to Yarkon using the web client application. On first log-in, the user would have to choose their password. The end user will only have access to the buckets defined by you when setting up the security policy.