Configuring aspera.conf for S3

The following example explains how to modify aspera.conf for AWS S3 transfers. You must meet the following prerequisites before modifying aspera.conf:

Note: For Aspera on Demand, you can also enter these settings from Console.
<?xml version='1.0' encoding='UTF-8'?>
<CONF version="2">
<server> 
  <server_name>aspera.example.com</server_name> 
</server>
<aaa>
  <realms><realm><users>
    <user> 
      <name>UserName</name>
      <authorization> 
        <transfer>
          <in>
            <value>token</value>
          </in> 
          <out> 
            <value>token</value> 
          </out>
        </transfer> 
        <token>
          <encryption_key>YourSuperSecretKey</encryption_key>
        </token>
      </authorization> 
      <file_system> 
         <access>
           <paths>
             <path>
               <absolute></absolute>
               <read_allowed>true</read_allowed>     <!-- Read Allowed: boolean true or false -->
               <write_allowed>true</write_allowed>   <!-- Write Allowed: boolean true or false -->
               <dir_allowed>true</dir_allowed>       <!-- Browse Allowed: boolean true or false -->
               <restrictions>                        <!-- File access restrictions. Multiple entries are allowed. -->
                  <restriction>s3://*</restriction>
                  <restriction>!azu://*</restriction>
               </restrictions> 
             </path>
           </paths>
          </access> 
      </file_system>
    </user>
  </users></realm></realms>
</aaa>
</CONF> 

Docroot Restrictions for URI Paths

A configuration with both a docroot absolute path (docrooted user) and a restriction is not supported.

The primary purpose of restrictions is to allow access to certain storage (for example, Amazon S3) for clients that have their own storage credentials. In this case, instead of using docroots in aspera.conf, use a docroot restriction.

Configuration:

<paths>
   <path>
       <restrictions>
           <restriction>s3://*</restriction>
       </restrictions>
   </path>
</paths>

You can also configure restrictions once for all users by setting <restriction> in the default section.

Functionality:

A docroot restriction limits the files a client is allowed to access for browsing and transfers. Files are rejected unless they match any restrictions that are present. Restrictions work for URI paths (for example, s3://*) and are processed in the following order:
  1. If a restriction starts with "!", any files that match are rejected.
  2. If a restriction does not start with a "!", any files that match are kept.
  3. If any restrictions other than "!" exist, and the file does not match any of them, the file is rejected.
  4. Files that fail restrictions during directory iteration are ignored as if they do not exist.