Communities
A collaborative platform to connect and grow with like-minded Informaticans across the globe
Product Communities
Connect and collaborate with Informatica experts and champions
Discussions
Have a question? Start a Discussion and get immediate answers you are looking for
User Groups
Customer-organized groups that meet online and in-person. Join today to network, share ideas, and get tips on how to get the most out of Informatica
Get Started
Community Guidelines
Knowledge Center
Troubleshooting documents, product guides, how to videos, best practices, and more
Knowledge Base
One-stop self-service portal for solutions, FAQs, Whitepapers, How Tos, Videos, and more
Support TV
Video channel for step-by-step instructions to use our products, best practices, troubleshooting tips, and much more
Documentation
Information library of the latest product documents
Velocity (Best Practices)
Best practices and use cases from the Implementation team
Learn
Rich resources to help you leverage full capabilities of our products
Trainings
Role-based training programs for the best ROI
Certifications
Get certified on Informatica products. Free, Foundation, or Professional
Product Learning Paths
Free and unlimited modules based on your expertise level and journey
Resources
Library of content to help you leverage the best of Informatica products
Tech Tuesdays Webinars
Most popular webinars on product architecture, best practices, and more
Product Availability Matrix
Product Availability Matrix statements of Informatica products
SupportFlash
Monthly support newsletter
Support Documents
Informatica Support Guide and Statements, Quick Start Guides, and Cloud Product Description Schedule
Product Lifecycle
End of Life statements of Informatica products
Ideas
Events
Change Request Tracking
Marketplace
English
  • Data Integration Connectors
  • All Products

Table of Contents

Search

  1. Preface
  2. Introduction to Amazon S3 V2 Connector
  3. Connections for Amazon S3 V2
  4. Amazon S3 V2 sources and targets
  5. Mappings and mapping tasks with Amazon S3 V2
  6. Migrating a mapping
  7. Upgrading to Amazon S3 V2 Connector
  8. Data type reference
  9. Troubleshooting

Amazon S3 V2 Connector

Amazon S3 V2 Connector

Back Next

AssumeRole using EC2 role and IAM user

AssumeRole using EC2 role and IAM user

You can configure AssumeRole using
EC2 role or
IAM user to connect to Amazon S3.
You can use the temporary security credentials using AssumeRole to access AWS resources from the same or different AWS accounts.
When you configure AssumeRole using
EC2 role or
 IAM user, ensure that you have the
sts:AssumeRole
 permission and a trust relationship established within the AWS accounts to use the temporary security credentials. The trust relationship is defined in the trust policy of the IAM role when you create the role. The IAM role adds the
EC2 role
or IAM user as a trusted entity allowing the
EC2 role or
IAM user to use the temporary security credentials and access the AWS accounts.
For more information about how to establish the trust relationship, see the AWS documentation.
When the trusted
EC2 role or
IAM user requests for the temporary security credentials, the AWS Security Token Service (AWS STS) dynamically generates the temporary security credentials that are valid for a specified period and provides the credentials to the trusted
EC2 role or
IAM user.

AssumeRole using EC2 role

To configure an EC2 role to assume the IAM role provided in the
IAM Role ARN
 connection property, select the
Use EC2 Role to Assume Role
 check box in the Amazon S3 V2 connection properties.
The Amazon EC2 role can assume another IAM role from the same or different AWS account without requiring a permanent access key and secret key. The Amazon EC2 role can also assume another IAM role from a different region.
Consider the following prerequisites before you configure AssumeRole using EC2 role:
  • Install the Secure Agent on an AWS service such as Amazon EC2.
  • The EC2 role attached to the AWS EC2 service must not have access to Amazon S3 but needs to have permission to assume another IAM role.
  • The IAM role that needs to be assumed by the EC2 role must have a permission policy and a trust policy attached to it.

AssumeRole using IAM user

To configure AssumeRole using IAM user, provide the value of the
IAM Role ARN
 connection property when you create an Amazon S3 V2 connection. The IAM Role ARN uniquely identifies the AWS resources. Then, specify the time duration in seconds during which you can use the temporarily security credentials in the
Temporary Credential Duration
 advanced source
and target
 properties.
You need to follow some guidelines when you configure AssumeRole using IAM user. For more information, see Rules and guidelines for AssumeRole via IAM user authentication.
0 COMMENTS
We’d like to hear from you!