This version of the documentation is archived and no longer supported. To learn how to upgrade your version of MongoDB Ops Manager, refer to the upgrade documentation.
You were redirected from a different version of the documentation. Click here to go back.

Create One S3 Blockstore Configuration

Configures one new s3 blockstore.

Base URL: https://{OPSMANAGER-HOST}:{PORT}/api/public/v1.0/admin/backup


POST /snapshot/s3Configs

Request Path Parameters

This endpoint does not use HTTP request path parameters.

Request Query Parameters

The following query parameters are optional:

Name Type Necessity Description Default
pretty boolean Optional Flag indicating whether the response body should be in a prettyprint format. false
envelope boolean Optional

Flag that indicates whether or not to wrap the response in an envelope.

Some API clients cannot access the HTTP response headers or status code. To remediate this, set envelope=true in the query.

For endpoints that return one result, the response body includes:

Name Description
status HTTP response code
envelope Expected response body

Request Body Parameters

Name Type Necessity Description
acceptedTos boolean Required

Flag that indicates whether or not you accepted the terms of service for using S3-compatible stores with Ops Manager. You must set this to true to create an S3-compatible store.

If you set this to false, Ops Manager returns an error. The error states that Ops Manager can’t create the S3-compatible store.

assignmentEnabled boolean Optional Flag that indicates whether you can assign backup jobs to this data store.
awsAccessKey string Conditional

AWS Access Key ID that can access the S3 bucket specified in s3BucketName.

If "s3AuthMethod" : "IAM_ROLE", then you don’t need to include awsAccessKey.

awsSecretKey string Conditional

AWS Secret Access Key that can access the S3 bucket specified in <s3BucketName>.

If "s3AuthMethod" : "IAM_ROLE", then you don’t need to include awsSecretKey.

customCertificates array Optional List of valid Certificate Authority certificates that apply to the associated S3 bucket.
customCertificates[n].filename string Optional Name that identifies the Certificate Authority PEM file.
customCertificates[n].certString string Optional Contents of the Certificate Authority PEM file that comprise your Certificate Authority chain.
disableProxyS3 boolean Optional Flag that indicates whether the HTTP proxy should be used when connecting to S3. You don’t need to set this value unless you configured Ops Manager to use the HTTP proxy.
encryptedCredentials boolean Optional Flag that indicates whether the username and password for this S3 blockstore were encrypted using the credentialstool.
id string Required Name that uniquely identifies this S3 Snapshot Store.
labels array of strings Optional

Array of tags to manage which backup jobs Ops Manager can assign to which S3 blockstores.

Setting these tags limits which backup jobs this S3 blockstore can process. If omitted, this S3 blockstore can only process backup jobs for projects that do not use labels to filter their jobs.

loadFactor number Optional

Positive, non-zero integer that expresses how much backup work this snapshot store performs compared to another snapshot store. This option is needed only if more than one snapshot store is in use.

See also

To learn more about Load Factor, see Edit an Existing S3 Blockstore

pathStyleAccessEnabled boolean Required

Flag that indicates the style of this endpoint.

Value S3 Blockstore Endpoint Style Example
true Path-style URL endpoint<bucket>
false Virtual-host-style URL endpoint <bucket>

To review the S3 bucket URL conventions, see the AWS S3 documentation.

s3AuthMethod string Optional

Method used to authorize access to the S3 bucket specified in s3BucketName.

Accepted values for this option are: KEYS, IAM_ROLE.

KEYS or None Ops Manager uses awsAccessKey and awsSecretKey to authorize access to S3 bucket specified in s3BucketName.
IAM_ROLE Ops Manager uses an AWS IAM role to authorize access to S3 bucket specified in s3BucketName. awsAccessKey and awsSecretKey fields are ignored. To learn more, see the AWS documentation
s3BucketEndpoint string Required URL used to access this AWS S3 or S3-compatible bucket.
s3BucketName string Required Name of the S3 bucket that hosts the S3 blockstore.
s3MaxConnections number Required Positive integer indicating the maximum number of connections to this S3 blockstore.
s3RegionOverride string Conditional

Region where your S3 bucket resides.

Use this field only if your S3-compatible store’s s3BucketEndpoint doesn’t support region scoping. Don’t use this field with AWS S3 buckets.

sseEnabled boolean Required Flag that indicates whether this S3 blockstore enables server-side encryption.
ssl boolean Optional Flag that indicates whether this S3 blockstore only accepts connections encrypted using TLS.
uri string Required Connection String that connects to the metadata database for this S3 blockstore. This database stores the locations of the blocks in the AWS S3 bucket.
writeConcern string Optional

Write concern used for this blockstore.

Ops Manager accepts the following values:

  • W2

See also

To learn about write acknowledgement levels in MongoDB, see Write Concern


Name Type Description
acceptedTos boolean Flag that indicates whether or not you accepted the terms of service for using S3-compatible stores with Ops Manager. You must set this to true to create an S3-compatible store.
assignmentEnabled boolean Flag that indicates whether you can assign backup jobs to this data store.
awsAccessKey string AWS Access Key ID that can access the S3 bucket specified in s3BucketName.
awsSecretKey string AWS Secret Access Key that can access the S3 bucket specified in s3BucketName.
customCertificates array List of valid Certificate Authority certificates that apply to the associated S3 bucket.
customCertificates[n].filename string Name that identifies the Certificate Authority PEM file.
customCertificates[n].certString string Contents of the Certificate Authority PEM file that comprise your Certificate Authority chain.
disableProxyS3 boolean Flag that indicates whether the HTTP proxy should be used when connecting to S3.
encryptedCredentials boolean Flag that indicates whether the username and password for this S3 blockstore were encrypted using the credentialstool.
id string Name that uniquely identifies this S3 blockstore.
labels array of strings Array of tags to manage which backup jobs Ops Manager can assign to which S3 blockstores.
links object array One or more links to sub-resources and/or related resources. All links arrays in responses include at least one link called self. The relationships between URLs are explained in the Web Linking Specification.
loadFactor integer

Positive, non-zero integer that expresses how much backup work this snapshot store performs compared to another snapshot store. This option is needed only if more than one snapshot store is in use.

See also

To learn more about Load Factor, see Edit an Existing |s3| Blockstore

pathStyleAccessEnabled boolean

Flag that indicates the style of this endpoint.

Value S3 Blockstore Endpoint Style Example
true Path-style URL endpoint<bucket>
false Virtual-host-style URL endpoint <bucket>

To review the S3 bucket URL conventions, see the AWS S3 documentation.

s3AuthMethod string

Method used to authorize access to the S3 bucket specified in s3BucketName.

Accepted values for this option are: KEYS, IAM_ROLE.

KEYS or None Ops Manager uses awsAccessKey and awsSecretKey to authorize access to S3 bucket specified in s3BucketName.
IAM_ROLE Ops Manager uses an AWS IAM role to authorize access to S3 bucket specified in s3BucketName. awsAccessKey and awsSecretKey fields are ignored. To learn more, see the AWS documentation
s3BucketEndpoint string URL that Ops Manager uses to access this AWS S3 or S3-compatible bucket.
s3BucketName string Name of the S3 bucket that hosts the S3 blockstore.
s3MaxConnections integer Positive integer indicating the maximum number of connections to this S3 blockstore.
s3RegionOverride string

Region where your S3 bucket resides. This field applies only if your S3-compatible store’s s3BucketEndpoint doesn’t support region scoping.

Ops Manager returns this field only if you included it when you created or updated this S3 blockstore.

sseEnabled boolean Flag that indicates whether this S3 blockstore enables server-side encryption.
ssl boolean Flag that indicates whether this S3 blockstore only accepts connections encrypted using TLS.
uri string Connection String that connects to the metadata database for this S3 blockstore. This database stores the locations of the blocks in the AWS S3 bucket.
writeConcern string

Write concern used for this blockstore.

Ops Manager returns one of the following values:

  • W2

See also

To learn about write acknowledgement levels in MongoDB, see Write Concern

Example Request

curl --user '{PUBLIC-KEY}:{PRIVATE-KEY}' --digest \
     --header 'Accept: application/json' \
     --header 'Content-Type: application/json' \
     --include \
     --request POST 'https://<OpsManagerHost>:<Port>/api/public/v1.0/admin/backup/snapshot/s3Configs?pretty=true' \
     --data '{
       "id": "{S3-BLOCKSTORE-CONFIG-ID}",
       "assignmentEnabled": true,
       "pathStyleAccessEnabled": false,
       "awsAccessKey": "<access>",
       "awsSecretKey": "<secret>",
       "acceptedTos": true,
       "customCertificates" : [{
         "filename" : "CA.pem",
         "certString" : "-----BEGIN CERTIFICATE-----\nMIIDljCCAn4CCQDJjCHAkAafFTANBgkqhkiG9w0BAQsFADCBjDELMAkGA1UEBhMC\nVVMxCzAJBgNVBAgMAk5ZMQwwCgYDVQQHDANOWUMxEDAOBgNVBAoMB01vbmdvREIx\nDDAKBgNVBAsMA1NXRTEZMBcGA1UEAwwQZXJpbm1jbnVsdHkudGVjaDEnMCUGCSqG\nSIb3DQEJARYYZXJpbi5tY251bHR5QG1vbmdvZGIuY29tMB4XDTIxMDYxMTE1MzY0\nMVoXDTIxMDcxMTE1MzY0MVowgYwxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJOWTEM\nMAoGA1UEBwwDTllDMRAwDgYDVQQKDAdNb25nb0RCMQwwCgYDVQQLDANTV0UxGTAX\nBgNVBAMMEGVyaW5tY251bHR5LnRlY2gxJzAlBgkqhkiG9w0BCQEWGGVyaW4ubWNu\ndWx0eUBtb25nb2RiLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB\nAOoAv1btxcEgDOdCgyz+/NtyFwa0h/3yGtj+WK7nMzcEntnxG5apHVRZ6eQ4ayZU\nhZNPbNWtcsbTEiRWyywMAd7/DbIa9GhsP1/P6Cv+TnO2krx8qVKQN93j8cme/b6g\n+yeEWMAM2rvfXq/fRTtJbH1Y6c4mYh4312mPrlEfgvAUQZh3DpJQNIVZ5MM2imp0\nfBgcggrNHUniLCT8ogUA4QII8CKIC4ONX4TNtXbsNtcCzKNqvOdcvWXLTYEJav34\nlaJs1YWJx2PSufgHo+JZUeANwwpztkYhr3nUGTD8fr7JF9CO7UlFBTFqs+PeaTJV\nEbnrF26NimsAmRgRPNLE170CAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAe5hAkrhz\nClXg4HPq6U3ONEUVUqQ231gogeUIIQsfn4K89QIFnsm0DC1lE21qHNcD3iHECmDJ\n9R2tXdA0shbc+hM8OHbEW6U31dLrM369PUQmw0GOkFWlYHnX4ySt+zMAjlIrQe7C\nLErYSuLDpjuKvkdpvbcwgkarB9/FPCOhORpAZqduhwUOr28tZzT3/8L7w//+7Yhy\n5ihKgTcP/CmJ+MgLlZqBtQ7lkmKDWXIUlLSRDHEciVGSXgZBreUciNFeMHVvoluc\ndxdsxqMcXgyXwmv7Ck7tCjYRwzwlf3TrcKt8QFijWTbl1Z/3d0/zpjuvR21J0z/3\ns4tNMtQdG6/bHA==\n-----END CERTIFICATE-----"
       "encryptedCredentials": false,
       "loadFactor": 50,
       "s3AuthMethod": "KEYS",
       "s3BucketEndpoint": "",
       "s3BucketName": "bucketname",
       "s3MaxConnections": 50,
       "sseEnabled": true,
       "uri": "mongodb://",
       "ssl": false,
       "writeConcern": "ACKNOWLEDGED"

Example Response

Response Header

HTTP/1.1 401 Unauthorized
Content-Type: application/json;charset=ISO-8859-1
Date: {dateInUnixFormat}
WWW-Authenticate: Digest realm="MMS Public API", domain="", nonce="{nonce}", algorithm=MD5, op="auth", stale=false
Content-Length: {requestLengthInBytes}
Connection: keep-alive
HTTP/1.1 200 OK
Vary: Accept-Encoding
Content-Type: application/json
Strict-Transport-Security: max-age=300
Date: {dateInUnixFormat}
Connection: keep-alive
Content-Length: {requestLengthInBytes}
X-MongoDB-Service-Version: gitHash={gitHash}; versionString={ApplicationVersion}

Response Body

  "acceptedTos": true,
  "assignmentEnabled": true,
  "awsAccessKey": "<access>",
  "awsSecretKey": "<secret>",
  "customCertificates" : [{
    "filename" : "CA.pem",
    "certString" : "-----BEGIN CERTIFICATE-----\nMIIDljCCAn4CCQDJjCHAkAafFTANBgkqhkiG9w0BAQsFADCBjDELMAkGA1UEBhMC\nVVMxCzAJBgNVBAgMAk5ZMQwwCgYDVQQHDANOWUMxEDAOBgNVBAoMB01vbmdvREIx\nDDAKBgNVBAsMA1NXRTEZMBcGA1UEAwwQZXJpbm1jbnVsdHkudGVjaDEnMCUGCSqG\nSIb3DQEJARYYZXJpbi5tY251bHR5QG1vbmdvZGIuY29tMB4XDTIxMDYxMTE1MzY0\nMVoXDTIxMDcxMTE1MzY0MVowgYwxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJOWTEM\nMAoGA1UEBwwDTllDMRAwDgYDVQQKDAdNb25nb0RCMQwwCgYDVQQLDANTV0UxGTAX\nBgNVBAMMEGVyaW5tY251bHR5LnRlY2gxJzAlBgkqhkiG9w0BCQEWGGVyaW4ubWNu\ndWx0eUBtb25nb2RiLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB\nAOoAv1btxcEgDOdCgyz+/NtyFwa0h/3yGtj+WK7nMzcEntnxG5apHVRZ6eQ4ayZU\nhZNPbNWtcsbTEiRWyywMAd7/DbIa9GhsP1/P6Cv+TnO2krx8qVKQN93j8cme/b6g\n+yeEWMAM2rvfXq/fRTtJbH1Y6c4mYh4312mPrlEfgvAUQZh3DpJQNIVZ5MM2imp0\nfBgcggrNHUniLCT8ogUA4QII8CKIC4ONX4TNtXbsNtcCzKNqvOdcvWXLTYEJav34\nlaJs1YWJx2PSufgHo+JZUeANwwpztkYhr3nUGTD8fr7JF9CO7UlFBTFqs+PeaTJV\nEbnrF26NimsAmRgRPNLE170CAwEAATANBgkqhkiG9w0BAQsFAAOCAQEAe5hAkrhz\nClXg4HPq6U3ONEUVUqQ231gogeUIIQsfn4K89QIFnsm0DC1lE21qHNcD3iHECmDJ\n9R2tXdA0shbc+hM8OHbEW6U31dLrM369PUQmw0GOkFWlYHnX4ySt+zMAjlIrQe7C\nLErYSuLDpjuKvkdpvbcwgkarB9/FPCOhORpAZqduhwUOr28tZzT3/8L7w//+7Yhy\n5ihKgTcP/CmJ+MgLlZqBtQ7lkmKDWXIUlLSRDHEciVGSXgZBreUciNFeMHVvoluc\ndxdsxqMcXgyXwmv7Ck7tCjYRwzwlf3TrcKt8QFijWTbl1Z/3d0/zpjuvR21J0z/3\ns4tNMtQdG6/bHA==\n-----END CERTIFICATE-----"
  "encryptedCredentials": false,
  "links": [
      "href": "https://<OpsManagerHost>:<Port>/api/public/v1.0/admin/backup/snapshot/s3Configs",
      "rel": "self"
  "loadFactor": 50,
  "pathStyleAccessEnabled": false,
  "s3AuthMethod": "KEYS",
  "s3BucketEndpoint": "",
  "s3BucketName": "bucketname",
  "s3MaxConnections": 50,
  "sseEnabled": true,
  "ssl": false,
  "uri": "mongodb://",
  "writeConcern": "ACKNOWLEDGED"
Was this page helpful?