Versions Compared

Old Version 21

changes.mady.by.user Kalpana Malladi

Saved on

compared with

New Version 22

changes.mady.by.user Kalpana Malladi

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

In this article

Table of Contents
maxLevel2
excludeOlder Versions|Additional Resources|Related Links|Related Information

Overview

You can

...

use this account type to connect Binary Snaps with data sources that use an S3 account.

Multiexcerpt macro
hiddenfalse
nameSecrets_Management_Dynamic_Accounts
fallbackfalse

The dynamic account types support Secrets Management that allows storing endpoint credentials. Instead of entering credentials directly in SnapLogic Accounts and relying on SnapLogic to encrypt them, the accounts contain only the information necessary to retrieve the secrets. During validation and execution, Pipelines obtain the credentials directly from the secrets manager. Learn more about Secrets Management.

Prerequisites

The s3:ListAllMyBuckets

...

 permission is required to successfully validate an S3 account. Refer to the Account Permissions section below for additional permissions

...

required for the target resources based on the task to be performed.

Account

...

In Manager, you can navigate to the required folder and create an account in it (see Accounts). To create an account for binary files:

  1. Click Create, then select Binary, then S3 Dynamic.
  2. Supply an account label.

  3. Supply the necessary information.

  4. (Optional) Supply additional information on this account in the Notes field of the Info tab.
  5. Click Apply.

Account Settings

Image Removed

...

Label

...

Access-key ID

...

Settings

...

Info

  • Asterisk (*): Indicates a mandatory field.

  • Suggestion icon ((blue star)): Indicates a list that is dynamically populated based on the configuration.

  • Expression icon ((blue star)): Indicates whether the value is an expression (if enabled) or a static value (if disabled). Learn more about Using Expressions in SnapLogic.

  • Add icon ((blue star)): Indicates that you can add fields in the fieldset.

  • Remove icon ((blue star)): Indicates that you can remove fields from the fieldset.

Field Name

Field Type

Description

Label

Default Value: None
Example: S3 Dynamic Account

String

Specify a unique label for the account.

Access-key ID

Default Value: None
Example: xyz876jhnJKBuya9730

String/Expression

Access key ID part of AWS authentication

Secret key

Default

...

Value: [None]

...

Secret key


Example: bn098&^*jhj34kxii0/?

String/Expression

Secret key part of AWS authentication

Security Token

Default value: [None

...


Example: XZlkdf129LONmn65n=

String/Expression

Security token part of AWS Security Token Service (STS) credentials

Server-side encryption

Default value:

...

Not Selected
Example:

Checkbox

This represents the type of encryption to use for the objects stored in S3. For Snaps that write objects to S3, this field defines how the objects will be encrypted. For Snaps that read objects from S3, this field is not required.

KMS Encryption type

Default value:

...

 None
Example: Server side KMS Encryption

...

Dropdown list

The AWS Key Management Service key used to encrypt S3 objects. It can be the key ID or ARN.

...

The available options are:

  • None: The files do not get encrypted using KMS encryption.

  • Server side KMS Encryption: The output files on Amazon S3 are encrypted using this encryption with Amazon S3 generated KMS key.

  • Client side KMS Encryption: The output files on Amazon S3 are encrypted using this encryption with client generated KMS key.

For Snaps that write objects to S3, this is required for encryption types Server-Side encryption with AWS KMS-Managed Keys and Client-Side encryption with AWS KMS-Managed Keys. For Server-Side encryption, the key must be in the same region as the S3 bucket. For Client-Side encryption, a key from any region can be used by using the key ARN value. If a key ID is used for Client-Side encryption, it defaults to the us-east-1 region.

For Snaps that read objects from S3, this field is not required. 

...

...

KMS

...

key

...

...

Default value: None

...


Example: cvcv866kAL,m920

String/Expression

This field represents the AWS Key Management Service key used to encrypt S3 objects. It can be the key ID or ARN. 

For Snaps that write objects to S3, this is required for encryption types Server-Side encryption with AWS KMS-Managed Keys and Client-Side encryption with AWS KMS-Managed Keys. For Server-Side encryption, the key must be in the same region as the S3 bucket. For Client-Side encryption, a key from any region can be used by using the key ARN value. If a key ID is used for Client-Side encryption, it defaults to the us-east-1 region.

For Snaps that read objects from S3, this field is not required.

KMS region

Default value

...

: None
Example: us-east-1

String/Expression

The AWS region where the KMS key is located.

Cross Account IAM Role

...

Use this field set

...

  • Role ARN
  • External ID

...

to manage account access. Learn more about setting up Cross Account IAM Role.

Role ARN

Default value: None

String/Expression

The Amazon Resource Name of the role to assume.

External ID

Default value:

...

 None

String/Expression

An optional external ID that might be required by the role to assume

...

Default value: [None]

Account Encryption

...

If you are using Standard Encryption, the High sensitivity settings under Enhanced Encryption are followed.

...

.

...

Account:

...

Multiexcerpt include macro
nameAccPerm
pageAWS S3 Account

Insert excerpt
Binary Snap Pack
Binary Snap Pack
nameBinary_SPH
nopaneltrue