Amazon S3 Support

Cisco Catalyst devices support Amazon Simple Storage Service (Amazon S3), a cloud storage solution from Amazon Web Services (AWS). With this integration, you can expand built-in persistent storage to meet increased demands for file storage, logging, and software management.

  • You get flexible, scalable storage for large software images and higher logging rates.

  • You can distribute software images, service maintenance updates (SMUs), and scripts across multiple devices.

  • You can enhance device capabilities by adding cloud storage to existing onboard resources.

Amazon S3 support overview and details

As software images grow and logging requirements increase, you may need additional storage capacity on your Cisco Catalyst device.

Built-in persistent storage may not be sufficient. Starting with IOS-XE release 17.13.1, Cisco Catalyst 9800 Series Wireless Controllers support Amazon Simple Storage Service (Amazon S3).

Amazon S3 is a scalable cloud storage infrastructure that you can access through a web interface.

With Amazon S3 support, you can supplement onboard storage to meet new operational and maintenance demands.

Restrictions and guidelines

These restrictions and guidelines apply to cloud storage configuration:

  • Only the active device can access the cloud storage.

  • You can establish cloud reachability through any service port, including device management ports or forwarding interfaces on the device.

  • You can create multiple cloud storage configuration profiles for the same Amazon Simple Storage Service (S3) bucket using different configuration parameters.

  • If you host virtual device instances (such as C9800-CL) on AWS, you can use the Identity and Access Management (IAM) role infrastructure to access Amazon Simple Storage Service (S3) storage.

Configure Amazon S3 support (CLI)

Configure Amazon S3 support so your device can use Amazon S3 cloud storage for remote data management and backup.

Before you begin

  • Ensure that connectivity to the cloud is established.

  • Ensure that you have the AWS Identity and Access Management (IAM) access key ID and secret key.

  • Ensure that DNS is configured. If DNS is not configured, S3 bucket resolution fails.

Procedure


Step 1

Enter global configuration mode.

Example:

Device# configure terminal

Step 2

Configure an Amazon S3 cloud services profile.

Example:

Device(config)# cloud-services aws s3 profile profile-name

Use only alphanumeric characters for the profile name. The underscore (_) is the only supported special character.

Step 3

Configure the Amazon S3 storage bucket and its mount point.

Example:

Device(config-s3fs-profile)# bucket bucket-name mount-point s3-mount

A bucket is a container for objects stored in Amazon S3.

The mount point is the directory on your local file system where you mount the Amazon S3 bucket.

Note: Ensure that DNS is configured.

Step 4

(Optional) Add a description to the Amazon S3 cloud services profile.

Example:

Device(config-s3fs-profile)# description profile-description

You can enter a description of up to 255 alphanumeric characters.

Step 5

(Optional) Configure the management interface to serve as the VRF interface.

Example:

Device(config-s3fs-profile)# vrf mgmt-Intf

By default, the forwarding interface is used.

Step 6

Configure the AWS S3 access credentials.

Example:

Device(config-s3fs-profile)# access-key key-id iam-id secret-key { 0 | 8 } secret-key

Use the access key ID and secret key that were created for the IAM role in the AWS Management Console.

Step 7

Set the Amazon S3 bucket permissions to read-write.

Example:

Device(config-s3fs-profile)# permissions read-write

By default, read-only permission is enabled.

Step 8

Specify the Amazon S3 region where the cloud-based storage is used.

Example:

Device(config-s3fs-profile)# region region

Step 9

Configure the proxy server: specify the HTTP server URL, the HTTPS server URL, or the IPv4 address, along with the port.

Example:

Device(config-s3fs-profile)# proxy https-server url-ip port port-num

Step 10

Save the configuration and enable it for Amazon S3 services.

Example:

Device(config-s3fs-profile)# no shutdown

Step 11

Return to global configuration mode.

Example:

Device(config-s3fs-profile)# exit

After completing these steps, you can securely access Amazon S3 storage buckets and manage cloud storage operations through the CLI.

Verify Amazon S3 support

To view a summary of all the Amazon S3 profiles, use this command.

Device# show cloud-services aws s3 summary 

Profile Name                      Profile Status  Service Status
-----------------------------------------------------------------
test                              Started         Active
test2                             Started         Active

To view the operational information of an Amazon S3 profile, use this command.

Device# show cloud-services aws s3 profile s1

Profile Details

Profile Name          : s1
Bucket Name           : pb-s3-test1
Mount Point           : test
Bucket Permission     : Read-Only
Region                : us-west-1
VRF                   : Global

S3 Service Details

Service Status        : Active
Service PID           : 31934
Mount Time            : 09/28/23 17:06:25
Service Log Level     : Notice
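
An added example, not part of the Cisco documentation: a Python check that parses the `show cloud-services aws s3 profile` output shown above and compares it with an approved baseline, so that a profile switched away from the default read-only permission, pointed at a different bucket or region, or no longer mounted is flagged. The baseline values and the function names are assumptions chosen for illustration.

```python
import re

# Sample output copied from the "show cloud-services aws s3 profile s1" example above.
SAMPLE_PROFILE = """\
Profile Details

Profile Name          : s1
Bucket Name           : pb-s3-test1
Mount Point           : test
Bucket Permission     : Read-Only
Region                : us-west-1
VRF                   : Global

S3 Service Details

Service Status        : Active
Service PID           : 31934
Mount Time            : 09/28/23 17:06:25
Service Log Level     : Notice
"""

# Approved settings for this profile (constructed baseline, an assumption).
BASELINE = {"Bucket Name": "pb-s3-test1", "Bucket Permission": "Read-Only",
            "Region": "us-west-1", "VRF": "Global"}

def parse_profile(text):
    # Split each "Key : Value" line on the first whitespace-delimited colon,
    # so values that contain colons (Mount Time) stay intact.
    fields = {}
    for line in text.splitlines():
        m = re.match(r"^(\S.*?)\s+:\s+(.*\S)\s*$", line)
        if m:
            fields[m.group(1)] = m.group(2)
    return fields

def audit_profile(fields, expected):
    # Return one finding per field that is missing or differs from the baseline,
    # plus a finding when the S3 service is not reported as Active.
    findings = []
    for key, want in expected.items():
        got = fields.get(key)
        if got is None:
            findings.append(f"{key}: missing from output")
        elif got.lower() != want.lower():
            findings.append(f"{key}: expected {want!r}, found {got!r}")
    if fields.get("Service Status") != "Active":
        findings.append("Service Status: mount is not active")
    return findings

if __name__ == "__main__":
    print(audit_profile(parse_profile(SAMPLE_PROFILE), BASELINE) or "profile matches baseline")
```
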