Table of Contents

Search

  1. Preface
  2. Introduction to Data Engineering Administration
  3. Authentication
  4. Running Mappings on a Cluster with Kerberos Authentication
  5. Authorization
  6. Cluster Configuration
  7. Cloud Provisioning Configuration
  8. Data Integration Service Processing
  9. Appendix A: Connections Reference
  10. Appendix B: Monitoring REST API

Amazon S3 Connection Properties

Amazon S3 Connection Properties

When you set up an Amazon S3 connection, you must configure the connection properties.
The following table describes the Amazon S3 connection properties:
Property
Description
Name
The name of the connection. The name is not case sensitive and must be unique within the domain. You can change this property after you create the connection. The name cannot exceed 128 characters, contain spaces, or contain the following special characters:~ ` ! $ % ^ & * ( ) - + = { [ } ] | \ : ; " ' < , > . ? /
ID
String that the Data Integration Service uses to identify the connection. The ID is not case sensitive. It must be 255 characters or less and must be unique in the domain. You cannot change this property after you create the connection. Default value is the connection name.
Description
Optional. The description of the connection. The description cannot exceed 4,000 characters.
Location
The domain where you want to create the connection.
Type
The Amazon S3 connection type.
Access Key
Access key to access the Amazon S3 bucket. Provide the access key value based on the following authentication methods:
  • Basic authentication: provide the actual access key value.
  • IAM authentication: do not provide the access key value.
  • Temporary security credentials via assume role: provide access key of an IAM user with no permissions to access Amazon S3 bucket.
Secret Key
Secret access key to access the Amazon S3 bucket.
The secret key is associated with the access key and uniquely identifies the account. Provide the access key value based on the following authentication methods:
  • Basic authentication: provide the actual access secret value.
  • IAM authentication: do not provide the access secret value.
  • Temporary security credentials via assume role: provide access secret of an IAM user with no permissions to access Amazon S3 bucket.
IAM Role ARN
The ARN of the IAM role assumed by the user to use the dynamically generated temporary security credentials.
Enter the value of this property if you want to use the temporary security credentials to access the AWS resources.
If you want to use the temporary security credentials with IAM authentication, do not provide the Access Key and Secret Key connection properties. If you want to use the temporary security credentials without IAM authentication, you must enter the value of the Access Key and Secret Key connection properties.
For more information about how to obtain the ARN of the IAM role, see the AWS documentation.
Folder Path
The complete path to Amazon S3 objects. The path must include the bucket name and any folder name.
Do not use a slash at the end of the folder path. For example,
<bucket name>/<my folder name>
.
Master Symmetric Key
Optional. Provide a 256-bit AES encryption key in the Base64 format when you enable client-side encryption. You can generate a master symmetric key using a third-party tool.
Region Name
Select the AWS region in which the bucket you want to access resides.
Select one of the following regions:
  • Asia Pacific (Mumbai)
  • Asia Pacific (Seoul)
  • Asia Pacific (Singapore)
  • Asia Pacific (Sydney)
  • Asia Pacific (Tokyo)
  • AWS GovCloud (US)
  • Canada (Central)
  • China (Beijing)
  • China (Hong Kong)
  • China (Ningxia)
  • EU (Ireland)
  • EU (Frankfurt)
  • EU (London)
  • EU (Paris)
  • South America (Sao Paulo)
  • US East (Ohio)
  • US East (N. Virginia)
  • US West (N. California)
  • US West (Oregon)
Default is US East (N. Virginia).
Customer Master Key ID
Optional. Specify the customer master key ID or alias name generated by AWS Key Management Service (AWS KMS) or the Amazon Resource Name (ARN) of your custom key for cross-account access. You must generate the customer master key for the same region where Amazon S3 bucket reside.
You can specify any of the following values:
Customer generated customer master key
Enables client-side or server-side encryption.
Default customer master key
Enables client-side or server-side encryption. Only the administrator user of the account can use the default customer master key ID to enable client-side encryption.
Federated SSO IdP
Not applicable. You cannot select the federated SSO options.

0 COMMENTS

We’d like to hear from you!