Docs Menu
Docs Home
/
MongoDB Ops Manager
/
API
/
Ops Manager Administration API Resources
/
Backup Administration
/
S3-Compatible Blockstore Configurations

Create One S3 Blockstore Configuration

On this page

  • Resource
  • Request Path Parameters
  • Request Query Parameters
  • Request Body Parameters
  • Response
  • Example Request
  • Example Response
  • Response Header
  • Response Body

Configures one new s3 blockstore.

Base URL: https://{OPSMANAGER-HOST}:{PORT}/api/public/v1.0/admin/backup

Resource

POST /snapshot/s3Configs

Request Path Parameters

This endpoint doesn't use HTTP request path parameters.

Request Query Parameters

The following query parameters are optional:

Name
Type
Necessity
Description
Default
pretty
boolean
Optional
Flag indicating whether the response body should be in a prettyprint format.
false
envelope
boolean
Optional

Flag that indicates whether or not to wrap the response in an envelope.

Some API clients cannot access the HTTP response headers or status code. To remediate this, set envelope=true in the query.

For endpoints that return one result, the response body includes:

Name
Description
status
HTTP response code
content
Expected response body
false

Request Body Parameters

Name
Type
Necessity
Description
acceptedTos
boolean
Required

Flag that indicates whether or not you accepted the terms of service for using S3-compatible storage stores with Ops Manager. You must set this to true to create an S3-compatible storage store.

If you set this to false, Ops Manager returns an error. The error states that Ops Manager can't create the S3-compatible storage store.

assignmentEnabled
boolean
Optional
Flag that indicates whether you can assign backup jobs to this data store.
awsAccessKey
string
Conditional

AWS Access Key ID that can access the S3-compatible storage bucket specified in s3BucketName.

If "s3AuthMethod" : "IAM_ROLE", then you don't need to include awsAccessKey.

awsSecretKey
string
Conditional

AWS Secret Access Key that can access the S3-compatible storage bucket specified in <s3BucketName>.

If "s3AuthMethod" : "IAM_ROLE", then you don't need to include awsSecretKey.

customCertificates
array
Optional
List of valid Certificate Authority certificates that apply to the associated S3-compatible storage bucket.
customCertificates[n].filename
string
Optional
Name that identifies the Certificate Authority PEM file.
customCertificates[n].certString
string
Optional
Contents of the Certificate Authority PEM file that comprise your Certificate Authority chain.
disableProxyS3
boolean
Optional
Flag that indicates whether the HTTP proxy should be used when connecting to S3-compatible storage. You don't need to set this value unless you configured Ops Manager to use the HTTP proxy.
encryptedCredentials
boolean
Optional
Flag that indicates whether the username and password for this S3-compatible storage blockstore were encrypted using the credentialstool.
id
string
Required
Name that uniquely identifies this S3 Snapshot Store.
labels
array of strings
Optional

Array of tags to manage which backup jobs Ops Manager can assign to which S3 blockstores.

Setting these tags limits which backup jobs this S3-compatible storage blockstore can process. If omitted, this S3-compatible storage blockstore can only process backup jobs for projects that do not use labels to filter their jobs.

loadFactor
number
Optional

Positive, non-zero integer that expresses how much backup work this snapshot store performs compared to another snapshot store. This option is needed only if more than one snapshot store is in use.

To learn more about Load Factor, see Edit One Existing Blockstore.

pathStyleAccessEnabled
boolean
Required

Flag that indicates the style of this endpoint.

Value
S3 Blockstore Endpoint Style
Example
true
Path-style URL endpoint
s3.amazonaws.com/<bucket>
false
Virtual-host-style URL endpoint
<bucket>.s3.amazonaws.com

To review the S3-compatible storage bucket URL conventions, see the AWS S3 documentation.

s3AuthMethod
string
Optional

Method used to authorize access to the S3-compatible storage bucket specified in s3BucketName.

Accepted values for this option are: KEYS, IAM_ROLE.

KEYS or None
Ops Manager uses awsAccessKey and awsSecretKey to authorize access to S3-compatible storage bucket specified in s3BucketName.
IAM_ROLE
Ops Manager uses an AWS IAM role to authorize access to S3-compatible storage bucket specified in s3BucketName. awsAccessKey and awsSecretKey fields are ignored. To learn more, see the AWS documentation
s3BucketEndpoint
string
Required
URL used to access this S3-compatible storage bucket.
s3BucketName
string
Required
Name of the S3-compatible storage bucket that hosts the S3-compatible storage blockstore.
s3MaxConnections
number
Required
Positive integer indicating the maximum number of connections to this S3-compatible storage blockstore.
s3RegionOverride
string
Conditional

Region where your S3-compatible storage bucket resides.

Use this field only if your S3-compatible storage store's s3BucketEndpoint doesn't support region scoping. Don't use this field with AWS S3 buckets.

sseEnabled
boolean
Required
Flag that indicates whether this S3-compatible storage blockstore enables server-side encryption.
ssl
boolean
Optional
Flag that indicates whether this S3-compatible storage blockstore only accepts connections encrypted using TLS.
uri
string
Required
Connection String that connects to the metadata database for this S3-compatible storage blockstore. This database stores the locations of the blocks in the AWS S3-compatible storage bucket.
writeConcern
string
Optional

Write concern used for this blockstore.

Ops Manager accepts the following values:

  • ACKNOWLEDGED

  • W2

  • JOURNALED

  • MAJORITY

To learn about write acknowledgement levels in MongoDB, see Write Concern.

Response

Name
Type
Description
acceptedTos
boolean
Flag that indicates whether or not you accepted the terms of service for using S3-compatible storage with Ops Manager. You must set this to true to create an S3-compatible storage store.
assignmentEnabled
boolean
Flag that indicates whether you can assign backup jobs to this data store.
awsAccessKey
string
AWS Access Key ID that can access the S3-compatible storage bucket specified in s3BucketName.
awsSecretKey
string
AWS Secret Access Key that can access the S3-compatible storage bucket specified in s3BucketName.
customCertificates
array
List of valid Certificate Authority certificates that apply to the associated S3-compatible storage bucket.
customCertificates[n].filename
string
Name that identifies the Certificate Authority PEM file.
customCertificates[n].certString
string
Contents of the Certificate Authority PEM file that comprise your Certificate Authority chain.
disableProxyS3
boolean
Flag that indicates whether the HTTP proxy should be used when connecting to S3-compatible storage.
encryptedCredentials
boolean
Flag that indicates whether the username and password for this S3-compatible storage blockstore were encrypted using the credentialstool.
id
string
Name that uniquely identifies this S3-compatible storage blockstore.
labels
array of strings
Array of tags to manage which backup jobs Ops Manager can assign to which S3 blockstores.
links
object array

One or more links to sub-resources and/or related resources. All links arrays in responses include at least one link called self. The relationships between URLs are explained in the Web Linking Specification.

loadFactor
integer

Positive, non-zero integer that expresses how much backup work this snapshot store performs compared to another snapshot store. This option is needed only if more than one snapshot store is in use.

To learn more about Load Factor, see Edit One Existing Blockstore.

pathStyleAccessEnabled
boolean

Flag that indicates the style of this endpoint.

Value
S3 Blockstore Endpoint Style
Example
true
Path-style URL endpoint
s3.amazonaws.com/<bucket>
false
Virtual-host-style URL endpoint
<bucket>.s3.amazonaws.com

To review the S3-compatible storage bucket URL conventions, see the AWS S3 documentation.

s3AuthMethod
string

Method used to authorize access to the S3-compatible storage bucket specified in s3BucketName.

Accepted values for this option are: KEYS, IAM_ROLE.

KEYS or None
Ops Manager uses awsAccessKey and awsSecretKey to authorize access to S3-compatible storage bucket specified in s3BucketName.
IAM_ROLE
Ops Manager uses an AWS IAM role to authorize access to S3-compatible storage bucket specified in s3BucketName. awsAccessKey and awsSecretKey fields are ignored. To learn more, see the AWS documentation
s3BucketEndpoint
string
URL that Ops Manager uses to access this S3-compatible storage bucket.
s3BucketName
string
Name of the S3-compatible storage bucket that hosts the S3-compatible storage blockstore.
s3MaxConnections
integer
Positive integer indicating the maximum number of connections to this S3-compatible storage blockstore.
s3RegionOverride
string

Region where your S3-compatible storage bucket resides. This field applies only if your S3-compatible storage store's s3BucketEndpoint doesn't support region scoping.

Ops Manager returns this field only if you included it when you created or updated this S3-compatible storage blockstore.

sseEnabled
boolean
Flag that indicates whether this S3-compatible storage blockstore enables server-side encryption.
ssl
boolean
Flag that indicates whether this S3-compatible storage blockstore only accepts connections encrypted using TLS.
uri
string
Connection String that connects to the metadata database for this S3-compatible storage blockstore. This database stores the locations of the blocks in the AWS S3-compatible storage bucket.
writeConcern
string

Write concern used for this blockstore.

Ops Manager returns one of the following values:

  • ACKNOWLEDGED

  • W2

  • JOURNALED

  • MAJORITY

To learn about write acknowledgement levels in MongoDB, see Write Concern.

Example Request

1curl --user '{PUBLIC-KEY}:{PRIVATE-KEY}' --digest \
2     --header 'Accept: application/json' \
3     --header 'Content-Type: application/json' \
4     --include \
5     --request POST 'https://<OpsManagerHost>:<Port>/api/public/v1.0/admin/backup/snapshot/s3Configs?pretty=true' \
6     --data '{
7       "id": "{S3-BLOCKSTORE-CONFIG-ID}",
8       "assignmentEnabled": true,
9       "pathStyleAccessEnabled": false,
10       "awsAccessKey": "<access>",
11       "awsSecretKey": "<secret>",
12       "acceptedTos": true,
13       "customCertificates" : [{
14         "filename" : "CA.pem",
15         "certString" : "-----BEGIN CERTIFICATE-----\nMIIDljCCAn4CCQDJjCHAkAafFTANBgkqhkiG9w0BAQsFADCBjDELMAkGA1UEBhMC\nVVMxCzAJBgNVBAgMAk5ZMQwwCgYDVQQHDANOWUMxEDAOBgNVBAoMB01vbmdvREIx\nDDAKBgNVBAsMA1NXRTEZMBcGA1UEAwwQZXJpbm1jbnVsdHkudGVjaDEnMCUGCSqG\nSIb3DQEJARYYZXJpbi5tY251bHR5QG1vbmdvZGIuY29tMB4XDTIxMDYxMTE1MzY0\nMVoXDTIxMDcxMTE1MzY0MVowgYwxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJOWTEM\nMAoGA1UEBwwDTllDMRAwDgYDVQQKDAdNb25nb0RCMQwwCgYDVQQLDANTV0UxGTAX\nBgNVBAMMEGVyaW5tY251bHR5LnRlY2gxJzAlBgkqhkiG9w0BCQEWGGVyaW4ubWNu\ndWx0eUBtb25nb2RiLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB\nAOoAv1btxcEgDOdCgyz+/NtyFwa0h/3yGtj+WK7nMzcEntnxG5apHVRZ6eQ4ayZU\nhZNPbNWtcsbTEiRWyywMAd7/DbIa9GhsP1/P6Cv+TnO2krx8qVKQN93j8cme/b6g\n+yeEWMAM2rvfXq/fRTtJbH1Y6c4mYh4312mPrlEfgvAUQZh3DpJQNIVZ5MM2imp0\nfBgcggrNHUniLCT8ogUA4QII8CKIC4ONX4TNtXbsNtcCzKNqvOdcvWXLTYEJav34\nlaJs1YWJx2PSufgHo+JZUeANwwpztkYhr3nUGTD8fr7JF9CO7UlFBTFqs+PeaTJV\nEbnrF26NimsAmRgRPNLE170CAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAe5hAkrhz\nClXg4HPq6U3ONEUVUqQ231gogeUIIQsfn4K89QIFnsm0DC1lE21qHNcD3iHECmDJ\n9R2tXdA0shbc+hM8OHbEW6U31dLrM369PUQmw0GOkFWlYHnX4ySt+zMAjlIrQe7C\nLErYSuLDpjuKvkdpvbcwgkarB9/FPCOhORpAZqduhwUOr28tZzT3/8L7w//+7Yhy\n5ihKgTcP/CmJ+MgLlZqBtQ7lkmKDWXIUlLSRDHEciVGSXgZBreUciNFeMHVvoluc\ndxdsxqMcXgyXwmv7Ck7tCjYRwzwlf3TrcKt8QFijWTbl1Z/3d0/zpjuvR21J0z/3\ns4tNMtQdG6/bHA==\n-----END CERTIFICATE-----"
16       }],
17       "encryptedCredentials": false,
18       "loadFactor": 1,
19       "s3AuthMethod": "KEYS",
20       "s3BucketEndpoint": "s3.amazonaws.com",
21       "s3BucketName": "bucketname",
22       "s3MaxConnections": 50,
23       "sseEnabled": true,
24       "uri": "mongodb://127.0.0.1:27017",
25       "ssl": false,
26       "writeConcern": "ACKNOWLEDGED"
27     }'
1curl --user '{PUBLIC-KEY}:{PRIVATE-KEY}' --digest \
2     --header 'Accept: application/json' \
3     --header 'Content-Type: application/json' \
4     --include \
5     --request POST 'https://<OpsManagerHost>:<Port>/api/public/v1.0/admin/backup/snapshot/s3Configs?pretty=true' \
6     --data '{
7        "id": "{S3-BLOCKSTORE-CONFIG-ID}",
8        "assignmentEnabled": true,
9        "pathStyleAccessEnabled": false,
10        "acceptedTos": true,
11        "encryptedCredentials": false,
12        "loadFactor": 1,
13        "s3AuthMethod": "IAM_ROLE",
14        "s3BucketEndpoint": "s3.amazonaws.com",
15        "s3BucketName": "bucketname",
16        "s3MaxConnections": 50,
17        "sseEnabled": true,
18        "uri": "mongodb://127.0.0.1:27017",
19        "ssl": false,
20        "writeConcern": "ACKNOWLEDGED"
21     }'

Example Response

Response Header

HTTP/1.1 401 Unauthorized
Content-Type: application/json;charset=ISO-8859-1
Date: {dateInUnixFormat}
WWW-Authenticate: Digest realm="MMS Public API", domain="", nonce="{nonce}", algorithm=MD5, op="auth", stale=false
Content-Length: {requestLengthInBytes}
Connection: keep-alive
HTTP/1.1 200 OK
Vary: Accept-Encoding
Content-Type: application/json
Strict-Transport-Security: max-age=300
Date: {dateInUnixFormat}
Connection: keep-alive
Content-Length: {requestLengthInBytes}
X-MongoDB-Service-Version: gitHash={gitHash}; versionString={ApplicationVersion}

Response Body

1{
2  "acceptedTos": true,
3  "assignmentEnabled": true,
4  "awsAccessKey": "<access>",
5  "awsSecretKey": "<secret>",
6  "customCertificates" : [{
7    "filename" : "CA.pem",
8    "certString" : "-----BEGIN CERTIFICATE-----\nMIIDljCCAn4CCQDJjCHAkAafFTANBgkqhkiG9w0BAQsFADCBjDELMAkGA1UEBhMC\nVVMxCzAJBgNVBAgMAk5ZMQwwCgYDVQQHDANOWUMxEDAOBgNVBAoMB01vbmdvREIx\nDDAKBgNVBAsMA1NXRTEZMBcGA1UEAwwQZXJpbm1jbnVsdHkudGVjaDEnMCUGCSqG\nSIb3DQEJARYYZXJpbi5tY251bHR5QG1vbmdvZGIuY29tMB4XDTIxMDYxMTE1MzY0\nMVoXDTIxMDcxMTE1MzY0MVowgYwxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJOWTEM\nMAoGA1UEBwwDTllDMRAwDgYDVQQKDAdNb25nb0RCMQwwCgYDVQQLDANTV0UxGTAX\nBgNVBAMMEGVyaW5tY251bHR5LnRlY2gxJzAlBgkqhkiG9w0BCQEWGGVyaW4ubWNu\ndWx0eUBtb25nb2RiLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB\nAOoAv1btxcEgDOdCgyz+/NtyFwa0h/3yGtj+WK7nMzcEntnxG5apHVRZ6eQ4ayZU\nhZNPbNWtcsbTEiRWyywMAd7/DbIa9GhsP1/P6Cv+TnO2krx8qVKQN93j8cme/b6g\n+yeEWMAM2rvfXq/fRTtJbH1Y6c4mYh4312mPrlEfgvAUQZh3DpJQNIVZ5MM2imp0\nfBgcggrNHUniLCT8ogUA4QII8CKIC4ONX4TNtXbsNtcCzKNqvOdcvWXLTYEJav34\nlaJs1YWJx2PSufgHo+JZUeANwwpztkYhr3nUGTD8fr7JF9CO7UlFBTFqs+PeaTJV\nEbnrF26NimsAmRgRPNLE170CAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAe5hAkrhz\nClXg4HPq6U3ONEUVUqQ231gogeUIIQsfn4K89QIFnsm0DC1lE21qHNcD3iHECmDJ\n9R2tXdA0shbc+hM8OHbEW6U31dLrM369PUQmw0GOkFWlYHnX4ySt+zMAjlIrQe7C\nLErYSuLDpjuKvkdpvbcwgkarB9/FPCOhORpAZqduhwUOr28tZzT3/8L7w//+7Yhy\n5ihKgTcP/CmJ+MgLlZqBtQ7lkmKDWXIUlLSRDHEciVGSXgZBreUciNFeMHVvoluc\ndxdsxqMcXgyXwmv7Ck7tCjYRwzwlf3TrcKt8QFijWTbl1Z/3d0/zpjuvR21J0z/3\ns4tNMtQdG6/bHA==\n-----END CERTIFICATE-----"
9  }],
10  "encryptedCredentials": false,
11  "id": "{S3-BLOCKSTORE-CONFIG-ID}",
12  "links": [
13    {
14      "href": "https://<OpsManagerHost>:<Port>/api/public/v1.0/admin/backup/snapshot/s3Configs",
15      "rel": "self"
16    }
17  ],
18  "loadFactor": 1,
19  "pathStyleAccessEnabled": false,
20  "s3AuthMethod": "KEYS",
21  "s3BucketEndpoint": "s3.amazonaws.com",
22  "s3BucketName": "bucketname",
23  "s3MaxConnections": 50,
24  "sseEnabled": true,
25  "ssl": false,
26  "uri": "mongodb://127.0.0.1:27017",
27  "writeConcern": "ACKNOWLEDGED"
28}
1{
2  "acceptedTos": true,
3  "assignmentEnabled": true,
4  "encryptedCredentials": false,
5  "id": "{S3-BLOCKSTORE-CONFIG-ID}",
6  "links": [
7    {
8      "href": "https://<OpsManagerHost>:<Port>/api/public/v1.0/admin/backup/snapshot/s3Configs",
9      "rel": "self"
10    }
11  ],
12  "loadFactor": 1,
13  "pathStyleAccessEnabled": false,
14  "s3AuthMethod": "IAM_ROLE",
15  "s3BucketEndpoint": "s3.amazonaws.com",
16  "s3BucketName": "bucketname",
17  "s3MaxConnections": 50,
18  "sseEnabled": true,
19  "ssl": false,
20  "uri": "mongodb://127.0.0.1:27017",
21  "writeConcern": "ACKNOWLEDGED"
22}

Back

Get All S3 Blockstore Configurations

Next

Update One S3 Blockstore Configuration