IBM Cloud Docs
Understanding the Object Storage credentials

Understanding the Object Storage credentials

IBM Cloud Object Storage access credentials are configured as key-value pair parameters in IBM Analytics Engine. These parameters start with the prefix fs.cos. followed by an identifier, which you can define, and end with the name of the credential.

Note that you can configure one IBM Analytics Engine service instance to work with multiple Object Storage instances or multiple Object Storage credentials. To differentiate between the different sets of credentials, you use separate identifiers or literals, which you can defined.

The following diagram shows how the Object Storage credentials are used in IBM Analytics Engine.

Authentication to Object Storage resources from IBM Analytics Engine
A description of the read and read-write credential options in Cloud Object Storage

The diagram shows two Object Storage instances with two different data buckets b1 and b2. To distinguish between the two instances, two identifiers are used, cosInstance1 and cosInstance2. Note that the bucket names (b1 and b2) that you use must be the actual names of the existing buckets in Object Storage. You can only choose the name of the identifier so that you can distinguish between Object Storage instances.

Structure of HMAC credentials

For HMAC style authentication, you must define the following parameters in IBM Analytics Engine:

fs.cos.<identifier>.access.key=<Access Key ID>
fs.cos.<identifier>.endpoint=<EndPoint URL>
fs.cos.<identifier>.secret.key=<Secret Access Key>

Note that the endpoint URL has the format s3.direct.us.cloud-object-storage.appdomain.cloud and doesn't require the prefix https://.

Structure of API key credentials

For IAM API key style authentication, you must define the following parameters in IBM Analytics Engine:

fs.cos.<identifier>.iam.api.key=<IAM API Key>
fs.cos.<identifier>.endpoint=<EndPoint URL>

Like for HMAC credentials, the endpoint URL has the format s3.direct.us.cloud-object-storage.appdomain.cloud and doesn't require the prefix https://.