
Data Engineering Administrator Guide

Amazon S3 Connection Properties

When you set up an Amazon S3 connection, you must configure the connection properties.
When you use EMRFS Authorization and the Informatica domain does not reside on an EC2 instance, provide access keys and secret keys to enable the Data Integration Service to connect to S3 sources and targets. You can provide the access keys and secret keys in the S3 connection string or in core-site.xml properties.
The following table describes the Amazon S3 connection properties:
Property
Description
Name
The name of the connection. The name is not case sensitive and must be unique within the domain. You can change this property after you create the connection. The name cannot exceed 128 characters, contain spaces, or contain the following special characters: ~ ` ! $ % ^ & * ( ) - + = { [ } ] | \ : ; " ' < , > . ? /
ID
String that the Data Integration Service uses to identify the connection. The ID is not case sensitive. It must be 255 characters or less and must be unique in the domain. You cannot change this property after you create the connection. Default value is the connection name.
Description
Optional. The description of the connection. The description cannot exceed 4,000 characters.
Location
The domain where you want to create the connection.
Type
The Amazon S3 connection type.
Access Key
Access key to access the Amazon S3 bucket. Provide the access key value based on the following authentication methods:
  • Basic authentication: provide the actual access key value.
  • IAM authentication: do not provide the access key value.
  • Temporary security credentials via assume role: provide access key of an IAM user with no permissions to access Amazon S3 bucket.
Secret Key
Secret access key to access the Amazon S3 bucket.
The secret key is associated with the access key and uniquely identifies the account. Provide the secret key value based on the following authentication methods:
  • Basic authentication: provide the actual access secret value.
  • IAM authentication: do not provide the access secret value.
  • Temporary security credentials via assume role: provide access secret of an IAM user with no permissions to access Amazon S3 bucket.
IAM Role ARN
The ARN of the IAM role assumed by the user to use the dynamically generated temporary security credentials.
Enter the value of this property if you want to use the temporary security credentials to access the AWS resources.
If you want to use the temporary security credentials with IAM authentication, do not provide the Access Key and Secret Key connection properties. If you want to use the temporary security credentials without IAM authentication, you must enter the value of the Access Key and Secret Key connection properties.
For more information about how to obtain the ARN of the IAM role, see the AWS documentation.
Folder Path
The complete path to Amazon S3 objects. The path must include the bucket name and any folder name.
Do not use a slash at the end of the folder path. For example, <bucket name>/<my folder name>.
Master Symmetric Key
Optional. Provide a 256-bit AES encryption key in the Base64 format when you enable client-side encryption. You can generate a master symmetric key using a third-party tool.
S3 Account Type
The type of the Amazon S3 account.
Select Amazon S3 Storage or S3 Compatible Storage.
Select the Amazon S3 storage option to use the Amazon S3 services. Select the S3 compatible storage option to specify the endpoint for a third-party storage provider such as Scality RING.
By default, Amazon S3 storage is selected.
REST Endpoint
The S3 storage endpoint.
Specify the S3 storage endpoint in HTTP/HTTPS format when you select the S3 compatible storage option. For example, http://s3.isv.scality.com.
Region Name
Select the AWS region in which the bucket you want to access resides.
Select one of the following regions:
  • Asia Pacific (Mumbai)
  • Asia Pacific (Seoul)
  • Asia Pacific (Singapore)
  • Asia Pacific (Sydney)
  • Asia Pacific (Tokyo)
  • AWS GovCloud (US)
  • Canada (Central)
  • China (Beijing)
  • China (Hong Kong)
  • China (Ningxia)
  • EU (Ireland)
  • EU (Frankfurt)
  • EU (London)
  • EU (Paris)
  • South America (Sao Paulo)
  • US East (Ohio)
  • US East (N. Virginia)
  • US West (N. California)
  • US West (Oregon)
Default is US East (N. Virginia).
Not applicable for S3 compatible storage.
Customer Master Key ID
Optional. Specify the customer master key ID or alias name generated by AWS Key Management Service (AWS KMS), or the Amazon Resource Name (ARN) of your custom key for cross-account access. You must generate the customer master key in the same region where the Amazon S3 bucket resides.
You can specify any of the following values:
Customer generated customer master key
Enables client-side or server-side encryption.
Default customer master key
Enables client-side or server-side encryption. Only the administrator user of the account can use the default customer master key ID to enable client-side encryption.
Federated SSO IdP
SAML 2.0-enabled identity provider for the federated user single sign-on to use with the AWS account.
PowerExchange for Amazon S3 supports only the ADFS 3.0 identity provider.
Select None if you do not want to use federated user single sign-on.
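
The constraints in the table above (name characters, folder path, master symmetric key size, credential combinations, and the endpoint scheme) can be checked before a connection is created. The following Python code is an added example, not Informatica code: the dictionary key names, function names, and sample values are hypothetical, and the generator uses Python's `secrets` module as one way to produce the 256-bit Base64 key.

```python
import base64
import binascii
import secrets
from urllib.parse import urlparse

# Characters the table's Name row lists as not allowed in a connection name.
FORBIDDEN = set("~`!$%^&*()-+={[}]|\\:;\"'<,>.?/")

def generate_master_key():
    """256-bit key from the OS CSPRNG, Base64-encoded for Master Symmetric Key."""
    return base64.b64encode(secrets.token_bytes(32)).decode("ascii")

def auth_mode(p):
    """Classify the Access Key / Secret Key / IAM Role ARN combination."""
    has_ak, has_sk = bool(p.get("access_key")), bool(p.get("secret_key"))
    if has_ak != has_sk:
        return "invalid"
    if p.get("iam_role_arn"):
        return "assume-role-with-keys" if has_ak else "assume-role-with-iam"
    return "basic" if has_ak else "iam"

def validate(p):
    """Return findings for a dict of connection properties (key names are hypothetical)."""
    findings = []
    name = p.get("name", "")
    if not name or len(name) > 128 or any(c.isspace() or c in FORBIDDEN for c in name):
        findings.append("name: 1-128 chars, no spaces or listed special characters")
    if auth_mode(p) == "invalid":
        findings.append("credentials: set access key and secret key together or not at all")
    path = p.get("folder_path", "")
    if not path.split("/")[0] or path.endswith("/"):
        findings.append("folder_path: must start with the bucket name and not end with a slash")
    key = p.get("master_symmetric_key")
    if key:
        try:
            raw = base64.b64decode(key, validate=True)
        except (binascii.Error, ValueError):
            raw = b""
        if len(raw) != 32:
            findings.append("master_symmetric_key: must be Base64 of exactly 32 bytes")
    if p.get("account_type") == "S3 Compatible Storage":
        url = urlparse(p.get("rest_endpoint") or "")
        if url.scheme not in ("http", "https") or not url.netloc:
            findings.append("rest_endpoint: must be an http:// or https:// URL")
        elif url.scheme == "http":
            findings.append("rest_endpoint: plain HTTP, traffic to the endpoint is unencrypted")
    return findings
```

`validate` returns an empty list when every check passes; `auth_mode` reports which of the four credential combinations from the Access Key and IAM Role ARN rows a configuration matches.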

Federated user single sign-on connection properties

Configure the following properties when you select ADFS 3.0 in Federated SSO IdP:
Property
Description
Federated User Name
User name of the federated user to access the AWS account through the identity provider.
Federated User Password
Password for the federated user to access the AWS account through the identity provider.
IdP SSO URL
Single sign-on URL of the identity provider for AWS.
SAML Identity Provider ARN
ARN of the SAML identity provider that the AWS administrator created to register the identity provider as a trusted provider.
Role ARN
ARN of the IAM role assumed by the federated user.
