On this page
Table of Contents | ||||
---|---|---|---|---|
|
You can create an account from Designer or Manager. In Designer, when working on pipelines, every Snap that needs an account prompts you to create a new account or use an existing account. The accounts can be created in or used from:
- Your private project folder: This folder contains the pipelines that will use the account.
- Your Project Space’s shared folder: This folder is accessible to all the users that belong to the Project Space.
- The global shared folder: This folder is accessible to all the users within an organization in the SnapLogic instance.
Prerequisites
The s3:ListAllMyBuckets
permission is required to successfully validate an S3 account. Refer to the Account Permissions section below for additional permissions required for the target resources based on the task to be performed.
Account Configuration
In Manager, you can navigate to the required folder and create an account in it (see Accounts). To create an account for binary files:
- Click Create, then select Binary, then AWS S3.
- Supply an account label.
Supply the necessary information.
- (Optional) Supply additional information on this account in the Notes field of the Info tab.
- Click Apply.
Account Settings
Label | Required. User provided label for the account instance | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
Access-key ID | Required when IAM role is disabled. Unique access key ID part of AWS authentication. Default value: [None] | ||||||||||
Secret key | Required when IAM role is disabled. Secret key part of AWS authentication Default value: [None] | ||||||||||
Server-side encryption | This represents the type of encryption to use for the objects stored in S3. For Snaps that write objects to S3, this field defines how the objects will be encrypted. For Snaps that read objects from S3, this field is not required. Default value: Not Selected | ||||||||||
KMS Encryption type | This field represents the AWS Key Management Service key used to encrypt S3 objects. It can be the key ID or ARN. For Snaps that write objects to S3, this is required for encryption types Server-Side encryption with AWS KMS-Managed Keys and Client-Side encryption with AWS KMS-Managed Keys. For Server-Side encryption, the key must be in the same region as the S3 bucket. For Client-Side encryption, a key from any region can be used by using the key ARN value. If a key ID is used for Client-Side encryption, it defaults to the us-east-1 region. For Snaps that read objects from S3, this field is not required. The available options are:
Default value: [None] | ||||||||||
KMS key | Specifies the AWS Key Management Service (KMS) key ID or ARN to be used for the S3 encryption. This is only required if the KMS Encryption type property is configured to use the encryption with KMS. For more information about the KMS key refer to AWS KMS Overview and Using Server Side Encryption. For Snaps that write objects to S3, this is required for encryption types Server-Side encryption with AWS KMS-Managed Keys and Client-Side encryption with AWS KMS-Managed Keys. For Server-Side encryption, the key must be in the same region as the S3 bucket. For Client-Side encryption, a key from any region can be used by using the key ARN value. If a key ID is used for Client-Side encryption, it defaults to the us-east-1 region. For Snaps that read objects from S3, this field is not required. Default value: [None] | ||||||||||
IAM role | If enabled, IAM role stored in the EC2 instance is used to access S3 bucket. Access-key ID and Secret key are required to be empty if this property is selected.
| IAM Role properties |
Info |
---|
To use IAM Role Properties, ensure to select the IAM Role check box. |
Endpoint Name of the region the S3 bucket belongs to.
According to Hadoop AWS documentation, S3 can work with buckets from any region and Each region has its own S3 endpoint, documented by Amazon. Parquet Reader and Writer Snap support this setting.
Example: s3.us-east-2.amazonaws.com
Default: [None]Account Encryption
Standard Encryption | If you are using Standard Encryption, the High sensitivity settings under Enhanced Encryption are followed. | |
---|---|---|
Enhanced Encryption | If you have the Enhanced Account Encryption feature, the following describes which fields are encrypted for each sensitivity level selected per each account.
|
Multiexcerpt macro | ||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||||||
Account PermissionsIn addition to the
See Setting Permissions and Permissions for the Amazon S3 Bucket for more information. |