Amazon S3 as a Source Connection
  • 3 Minutes to read
  • Dark
    Light
  • PDF

Amazon S3 as a Source Connection

  • Dark
    Light
  • PDF

Article Summary

This is a step-by-step tutorial for creating an Amazon S3 connection.

Prerequisites

Create a Bucket

A bucket is an object container. To store data in Amazon S3, you must first create a bucket and specify a bucket name as well as an AWS Region. Then you upload your data as objects to that bucket in Amazon S3. Each object has a key (or key name) that serves as the object's unique identifier within the bucket.
Let's begin by logging into AWS and searching for Buckets:

Note:
This is a tour of the console. Please hover over the rippling dots and read the notes attached to follow through.

Add a Policy

A bucket policy is a resource-based policy that allows you to grant access permissions to your bucket and the objects contained within it.
Now that you've created a bucket, let's create a policy to grant the necessary permissions.

Please Note:
Make sure to repleace < RiveryFileZoneBucket > with the name of your S3 bucket.


Here's the policy's code:

{
 "Version":"2012-10-17",
 "Statement":[
   {
    "Sid":"RiveryManageFZBucket",
    "Effect":"Allow",
    "Action":[
    "s3:GetBucketCORS",
    "s3:ListBucket",
    "s3:GetBucketLocation"
     ],
    "Resource":"arn:aws:s3:::<RiveryFileZoneBucket>"
   },
   {
    "Sid":"RiveryManageFZObjects",
    "Effect":"Allow",
    "Action":[
      "s3:ReplicateObject",
      "s3:PutObject",
      "s3:GetObjectAcl",
      "s3:GetObject",
      "s3:PutObjectVersionAcl",
      "s3:PutObjectAcl",
      "s3:ListMultipartUploadParts"],
    "Resource":"arn:aws:s3:::<RiveryFileZoneBucket>/*"
  },
  {
     "Sid":"RiveryHeadBucketsAndGetLists",
     "Effect":"Allow",
     "Action":"s3:ListAllMyBuckets",
     "Resource":"*"
  }
 ]
}

Create a Rivery User in AWS

Now, in order to connect to the Amazon S3 Source and Target (described in the following section) in Rivery console, you must first create an AWS Rivery user:


Connection Procedure

AWS Keys

  1. Type in the Connection Name.
  2. From the drop-down menu, choose your Region.
  3. Select AWS Keys credentials type.
  4. Enter Your AWS Access key id and Secret access key.
  5. Use the Test Connection function to see if your connection is up to the task.
    If the connection succeeded, you can now use this connection in Rivery.

image.png

IAM Role - Automatic

  1. Type in the Connection Name.
  2. From the drop-down menu, choose your Region.
  3. Select IAM Role - Automatic credentials type.
  4. To initiate the AWS CloudFormation Stack, click the Launch Stack button.
  5. Replace the External ID in the Parameters section with the one you were given in the Rivery console.

image.png

  1. Check 'I acknowledge that AWS CloudFormation may create IAM resources' in the Review tab, then click Create.
  2. Copy the value of 'RiveryAssumeRoleArn' from the Output tab in the stack.
  3. Paste the Role ARN Key.
  4. Use the Test Connection function to see if your connection is up to the task.
    If the connection succeeded, you can now use this connection in Rivery.

IAM Role - Manual

  1. Type in the Connection Name.

  2. From the drop-down menu, choose your Region.

  3. Select IAM Role - Automatic credentials type.

  4. Initiate the AWS IAM console.

  5. Click Policies on the side menu, and select Create Policy.
    a. Navigate to the JSON tab.
    b. Copy the following policy:

{
 "Version":"2012-10-17",
 "Statement":[
   {
    "Sid":"RiveryManageFZBucket",
    "Effect":"Allow",
    "Action":[
    "s3:GetBucketCORS",
    "s3:ListBucket",
    "s3:GetBucketAcl",
    "s3:GetBucketPolicy"
     ],
    "Resource":"arn:aws:s3:::<RiveryFileZoneBucket>"
   },
   {
    "Sid":"RiveryManageFZObjects",
    "Effect":"Allow",
    "Action":[
      "s3:ReplicateObject",
      "s3:PutObject",
      "s3:GetObjectAcl",
      "s3:GetObject",
      "s3:PutObjectVersionAcl",
      "s3:PutObjectAcl",
      "s3:ListMultipartUploadParts"],
    "Resource":"arn:aws:s3:::<RiveryFileZoneBucket>/*"
  },
  {
     "Sid":"RiveryHeadBucketsAndGetLists",
     "Effect":"Allow",
     "Action":"s3:ListAllMyBuckets",
     "Resource":"*"
  }
 ]
}

c. Paste the Policy it into the description box, then click Review Policy.

  1. Name the Policy - 'Rivery-S3-Policy' and click Create Policy.
  2. Click Roles on the side menu, and select Create Role.
  3. Select Another AWS Account and change the Account ID to the one you were given in the Rivery console.
  4. Check Require External ID, and set External ID to the one you were given in the Rivery console.

image.png

  1. Click Next.
  2. Attach the 'Rivery-S3-Policy' to the Attach Policy form.
  3. Set Rivery-S3-Role as the role name.
  4. Copy the Role ARN From the Role's window and paste it into the field below.
  5. Use the Test Connection function to see if your connection is up to the task.
    If the connection succeeded, you can now use this connection in Rivery.

Was this article helpful?