Requirements for S3
You can connect to Amazon S3 by creating an IAM policy for permissions.
To connect with Amazon S3, you create one policy for uploading data from Amazon S3, and a different policy for publishing data to Amazon S3. These IAM policies include the minimum permissions that must be allowed for connecting to S3.
After creating the policies, you can add the Amazon S3 connection in Tamr Cloud.
Creating an IAM policy to Upload from Amazon S3
- Sign in to Amazon IAM console.
- Navigate to Policies.
- Select Create Policy.
- Copy the following policy and paste it into the editor.
Tip: Replace{your-bucket-name}
placeholders with your AWS S3 values.
{
"Action": [
"s3:ListAllMyBuckets",
"s3:GetBucketLocation"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::*",
"Sid": "1"
},
{
"Action": [
"s3:ListBucket*",
"s3:Get*"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::<your-bucket-name>/*",
"arn:aws:s3:::<your-bucket-name>"
],
"Sid": ""
}
- Select Next: Tags.
- Optionally add tags, then select Next: Review.
- Review your policy, give it a name and optional description, then select Create policy.
- Attach policy to users. See Adding and removing IAM identity permissions.
- Create keys for users. See Managing access keys for IAM users.
Creating an IAM policy to Publish to Amazon S3
- Sign in to Amazon IAM console.
- Navigate to Policies.
- Select Create Policy.
- Copy the following policy and paste it into the editor.
Tip: Replace{your-bucket-name}
placeholders with your AWS S3 values.
{
"Action": [
"s3:ListAllMyBuckets",
"s3:GetBucketLocation"
],
"Effect": "Allow",
"Resource": "arn:aws:s3:::*",
"Sid": "1"
},
{
"Action": [
"s3:Get*",
"s3:Delete*",
"s3:Put*",
"s3:ListBucket",
"s3:ListBucketMultipartUploads",
"s3:AbortMultipartUpload"
],
"Effect": "Allow",
"Resource": [
"arn:aws:s3:::<your-bucket-name>/*",
"arn:aws:s3:::<your-bucket-name>"
],
"Sid": ""
}
- Select Next: Tags.
- Optionally add tags, then select Next: Review.
- Review your policy, give it a name and optional description, then select Create policy.
- Attach policy to users. See Adding and removing IAM identity permissions.
- Create keys for users. See Managing access keys for IAM users.
Required Information for S3 Connection
When adding a connection, you are prompted for specific information for the connection type. Gather the following information before adding the connection.
Required information
- Name
- Description (Optional)
- Bucket
- Region
- Access Key ID
- Secret Access Key
- Prefix (Optional)
Configures a sub-path in the container for this connection. If you specify the prefix, your directories in the path must be created.
See AWS Documentation for more information.
Updated 8 months ago