Access Key Overview

The cluster connects to S3 storage using access keys, which provide a more secure and flexible alternative to authenticating with the Aspera node user or system user. Access keys are tied to a specific cloud storage using cloud storage permissions. An access key is restricted to its own storage which allows access control and usage reporting to be segregated by storage.

Aspera Faspex, Shares, Files, and client products can use access key authentication. Aspera client products include Desktop Client, Point-to-Point Client, Enterprise Server, Connect Server, and Drive. For examples of how to use access key authentication with these products, see Using Access Keys in Aspera Products. For more information on using these products, see the product documentation.

For Amazon cloud storage, Aspera recommends using IAM roles and policies to grant permissions to your transfer nodes so they can access content in your S3 buckets. The process is as follows:

  1. Create an S3 access policy. See Creating the Custom S3 Access IAM Policy.
  2. Create S3 Access Key Management IAM role and attach the S3 Access IAM policy to the role. See Creating an IAM Role for S3 Access In the Same AWS Account or Creating an IAM Role for S3 Access to a Separate AWS Account.
  3. Create your access key in the Cluster Manager. See Creating Access Keys in the Cluster Manager.