Skip to content

Working with Cross Account Accesses

Note

This section is applicable only for region Europe 1.

You need this method for a continuous access to the desired folder for upload. Consider an example where you have an AWS account, where any application resides and this application needs to continuously access IDL folder. In such scenarios, Cross Account Access is useful.

To use this method, you can follow below steps:

  1. To create cross account on which access needs to be provided, use the following endpoint:
1
POST /crossAccounts
1
Content-Type: application/json

Request example:

1
2
3
4
5
6
{
  "name": "testCrossAccount",
  "accessorAccountId": "960568630345",
  "description": "Cross Account Access for Testing",
  "subtenantId": "204a896c-a23a-11e9-a2a3-2a2ae2dbcce4"
}

Response example:

1
2
3
4
5
6
7
8
9
{
  "id": "0234sd34a23a-11e9-a2a3-2a2sdfw34ce4",
  "name": "testCrossAccount",
  "accessorAccountId": "960768132345",
  "description": "Cross Account Access for Testing",
  "timestamp": "2019-09-06T21:23:32.000Z",
  "subtenantId": "204a896c-a23a-11e9-a2a3-2a2ae2dbcce4",
  "eTag": 1
}
2. To get the list of Cross Accounts, use the following endpoint:

1
GET /crossAccounts
1
Content-Type: application/json

Response example:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
{
  "crossAccounts": [
    {
      "id": "0234sd34a23a-11e9-a2a3-2a2sdfw34ce4",
      "name": "testCrossAccount",
      "accessorAccountId": "960768132345",
      "description": "Cross Account Access for Testing",
      "timestamp": "2019-09-06T21:23:32.000Z",
      "subtenantId": "204a896c-a23a-11e9-a2a3-2a2ae2dbcce4",
      "eTag": 1
    }
  ],
  "page": {
    "size": 1,
    "totalElements": 1,
    "totalPages": 1,
    "number": 1
  }
}
3. To get the details of the selected cross account, use the following endpoint:

1
GET /crossAccounts/0234sd34a23a-11e9-a2a3-2a2sdfw34ce4
1
Content-Type: application/json

Response example:

1
2
3
4
5
6
7
8
9
{
  "id": "0234sd34a23a-11e9-a2a3-2a2sdfw34ce4",
  "name": "testCrossAccount",
  "accessorAccountId": "960768132345",
  "description": "Cross Account Access for Testing",
  "timestamp": "2019-09-06T21:23:32.000Z",
  "subtenantId": "204a896c-a23a-11e9-a2a3-2a2ae2dbcce4",
  "eTag": 1
}
4. To update the selected cross account, use the following endpoint:

1
PATCH /crossAccounts/0234sd34a23a-11e9-a2a3-2a2sdfw34ce4
1
Content-Type: application/json

Request example:

1
2
3
4
{
  "name": "updatedTestCrossAccount",
  "description": "Updated Cross Account Access for Testing",
}

Response example:

1
2
3
4
5
6
7
8
9
{
  "id": "0234sd34a23a-11e9-a2a3-2a2sdfw34ce4",
  "name": "updatedTestCrossAccount",
  "accessorAccountId": "960768132345",
  "description": "Updated Cross Account Access for Testing",
  "timestamp": "2019-09-06T21:25:32.000Z",
  "subtenantId": "204a896c-a23a-11e9-a2a3-2a2ae2dbcce4",
  "eTag": 1
}
5. To delete the selected cross account, use the following endpoint:

1
DELETE /crossAccounts/0234sd34a23a-11e9-a2a3-2a2sdfw34ce4

Response example:

1
204 Deleted
6. Once the cross account is created, create cross account accesses to provide the desired access on desired prefix. This can be done by using teh following endpoint:

1
POST /crossAccounts/20234sd34a23a-11e9-a2a3-2a2sdfw34ce4/accesses
1
Content-Type: application/json

Request example:

1
2
3
4
5
{
  "description": "Access to write to mysubfolder",
  "path": "myfolder/mysubfolder",
  "permission": "WRITE"
}

Response example:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
{
  "id": "781c8b90-c7b6-4b1c-993c-b51a00b35be2",
  "description": "Access to write to mysubfolder",
  "storageAccount": "dlbucketname",
  "storagePath": "data/ten=tenantname/myfolder/mysubfolder",
  "path": "myfolder/mysubfolder",
  "permission": "WRITE",
  "status": "ENABLED",
  "timestamp": "2019-11-04T19:19:25.866Z",
  "eTag": 1
}
7. To get details of the cross account accesses, use the following endpoint:

1
GET /crossAccounts/20234sd34a23a-11e9-a2a3-2a2sdfw34ce4/accesses
1
Content-Type: application/json

Response example:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
{
  "crossAccountAccesses": [
    {
      "id": "781c8b90-c7b6-4b1c-993c-b51a00b35be2",
      "description": "Access to write to mysubfolder",
      "storageAccount": "dlbucketname",
      "storagePath": "data/ten=tenantname/myfolder/mysubfolder",
      "path": "myfolder/mysubfolder",
      "permission": "WRITE",
      "status": "ENABLED",
      "timestamp": "2019-11-04T19:19:25.866Z",
      "eTag": 1
    }
  ],
  "page": {
    "size": 1,
    "totalElements": 1,
    "totalPages": 1,
    "number": 1
  }
}
8. To get details of the selected cross account accesses, use the following endpoint:

1
GET /crossAccounts/20234sd34a23a-11e9-a2a3-2a2sdfw34ce4/accesses/781c8b90-c7b6-4b1c-993c-b51a00b35be2
1
Content-Type: application/json

Response example:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
{
  "id": "781c8b90-c7b6-4b1c-993c-b51a00b35be2",
  "description": "Access to write to mysubfolder",
  "storageAccount": "dlbucketname",
  "storagePath": "data/ten=tenantname/myfolder/mysubfolder",
  "path": "myfolder/mysubfolder",
  "permission": "WRITE",
  "status": "ENABLED",
  "timestamp": "2019-11-04T19:19:25.866Z",
  "eTag": 1
}
9. To update the created cross account access, use the following endpoint:

1
PATCH /crossAccounts/20234sd34a23a-11e9-a2a3-2a2sdfw34ce4/accesses/781c8b90-c7b6-4b1c-993c-b51a00b35be2
1
Content-Type: application/json

Request example:

1
2
3
4
{
  "description": "Access to write to mysubfolder",
  "status": "ENABLED"
}

Response example:

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
{
  "id": "781c8b90-c7b6-4b1c-993c-b51a00b35be2",
  "description": "Access to write to mysubfolder",
  "storageAccount": "dlbucketname",
  "storagePath": "data/ten=tenantname/myfolder/mysubfolder",
  "path": "myfolder/mysubfolder",
  "permission": "WRITE",
  "status": "ENABLED",
  "timestamp": "2019-11-04T19:19:25.866Z",
  "eTag": 1
}
10. To delete the created cross account access, use the following endpoint:

1
DELETE /crossAccounts/20234sd34a23a-11e9-a2a3-2a2sdfw34ce4/accesses/781c8b90-c7b6-4b1c-993c-b51a00b35be2

Response example:

1
204 deleted
11. Once the accesses is provided, you can upload data through CLI or using AWS SDK to the desired prefix with the relevant accesses.

Follow these commands to upload the files to S3 bucket:

$ aws s3 cp myobject.objext s3://tgsbucket

upload: ./myobject.objext to s3://tgsbucket/myobject.objext

Follow these commands to download the files from S3 bucket:

$ aws s3 cp s3://tgsbucket/myobject.objext .

download: s3://tgsbucket/myobject.objext to ./myobject.objext

Any questions left?

Ask the community


Except where otherwise noted, content on this site is licensed under the MindSphere Development License Agreement.