Page cover

Integrating with S3

Prerequisites

Amazon S3 Setup Integration Methods Method 1: Using Access Key and Secret Step 1: Create an IAM policy Step 2: Create User Step 3: Generate the Access key and secret Step 4: Integration details Method 2: Using the IAM role Step 1: Create an IAM policy Step 2: Create an IAM role Step 3: Adding permissions to the S3 bucket Step 4: Integration details

Prerequisites

To connect your Amazon S3 bucket to Drivetrain, you need:

  • An S3 bucket containing files with CSV file types and encodings

  • For private or encrypted buckets, an AWS account with the ability to grant Drivetrain permission and to read from the bucket

Amazon S3 Setup

We recommend disabling Access Control Lists (ACLs) on each S3 bucket so that the bucket contents are controlled by the bucket's access control settings and not the original file owner's settings. For more information about disabling ACLs for your bucket, see Amazon S3 documentation.

Integration Methods

Method 1: Using the Access key and Secret

  • Bucket name

  • Folder path

  • Access key

  • Access secret

  • AWS Region

Method 2: Using Roles (More secure)

  • Bucket name

  • Folder path

  • AWS Region

Method 1: Using Access Key and Secret

Step 1: Create an IAM Policy

You must create an IAM policy for both the IAM Role and Access Key and Secret approaches.

For encrypted buckets, follow Amazon S3 bucket instructions to modify the AWS KMS key's policy to grant Drivetrain permissions to download files from your encrypted bucket

  1. Open your Amazon IAM console.

  2. Go to Policies, then click Create Policy

  1. Go to the JSON tab

  1. Copy the following policy and paste it into the visual editor. Replace {your-bucket-name} with the name of your S3 bucket. After that, click Next: Tags.

{
    "Version": "2012-10-17",
    "Statement": [
        {
        "Effect": "Allow",
        "Action": [
                "s3:GetBucketLocation",
                "s3:GetObject",
                "s3:ListBucket"

        ],
        "Resource": [
                "arn:aws:s3:::{your-bucket-name}/*",
                "arn:aws:s3:::{your-bucket-name}"
        ]
        }
    ]
}

5. (Optional) If you use a customer-managed KMS key, add the following policy to the Action section of the IAM policy to provide read access to the encrypted files.

Action": [
         "kms:Decrypt",
         "kms:GenerateDataKey"
     ]

  1. In the Add tags step, you can optionally add custom tags that will be associated with your bucket. Click Next: Review.

  2. In the Review policy step, specify the name of your policy, for example "Drivetrain-S3-Access", then click Create policy.

Step 2: Create User

  1. Open your Amazon IAM console.

  2. Go to Users, then click Add users.

  3. Enter the user name, then click Next.

  4. Select the Attach policies directly option, then choose the "Drivetrain-S3-Access" policy you created in Step 1.

  1. Click Next, then click Create User.

Step 3: Generate the access key and secret

  1. In the Users tab, open the User you created.

  2. Go to the Security credentials tab and navigate to the Access keys section.

  3. Click the Create access key.

  1. From the Use Case options, select the Third-party service option and then click Next.

  2. Enter a Description tag value and then click the Create access key.

  3. Copy the Access key and Secret access key values. You will need them to configure the integration.

Step 4: Integration details

Share the following details with the Drivetrain team:

  1. Bucket name

  2. Folder path

  3. Access key

  4. Access secret

  5. AWS Region

Method 2: Using IAM Role

Step 1: Create an IAM Policy

Follow the same steps as in Step 1 of Method 1.

Step 2: Create an IAM Role

  1. Go to Roles, then click Create role.

  1. Select AWS account, then enter Drivetrain’s AWS Account ID, 865992467666, in the Account ID field.

  1. In the Add permissions step, select the "Drivetrain-S3-Access" policy you created, then click Next.

  1. Enter the name Drivetrain-Integration check Trust policy settings and attached policy and click Create Role.

Step 3: Adding permissions to the S3 bucket

To assign permissions to your S3 bucket, follow the below steps:

  1. Select the bucket to which you want to assign permissions.

  2. Navigate to the Permissions tab.

  3. Go to Bucket Policy.

  4. Click Edit. Copy the below policy and paste it into the visual editor. Replace {your-bucket-name} with the name of your S3 bucket.

{    
	"Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::865992467666:role/Drivetrain-Intergration"
            },
            "Action": [
                "s3:GetBucketLocation",
                "s3:GetObject",
                "s3:ListBucket"
            ],
            "Resource": [
                "arn:aws:s3:::{your-bucket-name}/*",
				"arn:aws:s3:::{your-bucket-name}"
            ]
        }
    ]
}

  1. Click 'Save' to apply the changes.

Step 4: Integration details

Share the following details with the Drivetrain team:

  1. Bucket name.

  2. Folder path.

  3. AWS Region

PreviousIntegrating with RedshiftNextIntegrating with Snowflake

Last updated

Was this helpful?