Managing user accounts

wasabiWhen you first sign up for Wasabi, you are using the root account. For everyday usage you should avoid using this account. This article describes how to create your first user accounts.


Change the root alias

A good first step is to create an alias for your root account. This will make it easier for staff to log in without having to know the root account password.

  1. Log in as the root account.
  2. Click the menu button menu
  3. Select Settings in the left pane.
  4. Expand Account Alias.
  5. Enter a unique alias and click Save.

 

Groups

It is a good idea to manage your users with groups.

  1. In the left pane, select Groups.
  2. Click Create Group.
  3. Enter a Group Name (e.g. admins).
  4. Click the newly created admins group, to open it for editing.
  5. On the Policies tab, add AdministratorAccess.

 

Console Users

To avoid regular use of the root account, you can create Console user accounts.

  1. In the left pane, select Users.
  2. Click Create User.
  3. Enter a Username.
  4. For access, select Console.
  5. Enter a Password.
  6. Select the Group admins.
  7. You do not need to select a policy, as this is set at the Group level.
  8. Click Create user.

You can now log off from the root user account and Sign In As Subuser, using the root alias, and username of this Console user.

 

Multi-Factor Authentication

Now that you've created some user accounts, it's a good idea to enable MFA for each account especially the root account.

 

API Users

API user accounts have credentials, which you can use to access a bucket. For security reasons I generally create a separate API user account for each bucket, and give them the same name.

  1. Log on with your Subuser account.
  2. Click the menu button menu
  3. In the left pane, select Users.
  4. Click Create User.
  5. Enter a unique Name.
  6. For access, select the option for a Programatic (create API key).
  7. Select the Group buckets.
  8. Do not select a policy.
  9. Click the button to Create User.
  10. Click Download CSV, to download the credentials.csv file, that includes the Access Key and the Secret Access Key.

Using these credentials you will be able to use this API user account for accessing buckets programatically via other systems.

 

Thanks for visiting.