Label*

String

Specify a unique name for the account instance

Access-key ID

Default value: [None]

String

 Specify a unique access key ID part of AWS authentication.

Secret key

Default value: [None]

String

Specify the secret key part of AWS authentication

Server-side encryption

Default value: Not Selected

Checkbox

If selected, the S3 file is written and encrypted using the 256-bit Advanced Encryption Standard AAES256. 

For Snaps that read objects from S3, this field is not required, as encrypted data is automatically decrypted when data is read from S3.

KMS Encryption type

Default value:

 [None]

String

Choose the encryption type from the following list. This field represents the AWS Key Management Service key used to encrypt S3

objects—it can be the key ID or ARN. 

• None: The files do not get encrypted using KMS encryption.

• Server-Side KMS Encryption: The output files on Amazon S3 are encrypted with Amazon S3 generated KMS key.

• Client-Side KMS Encryption: The output files on Amazon S3 are encrypted with client generated KMS key.

KMS

key

Default value:  [None] 

String

Specify the AWS Key Management Service (KMS) key ID or ARN

 to be used for the S3 encryption. This is only required if the KMS Encryption type property is configured to use the encryption with KMS.

 Learn more

about the KMS key

:  AWS KMS Overview

 and Using Server Side Encryption. 

KMS region

Default Value: N/A
Example: s3.us-east-2

String

Specify or select a name of the region to which the KMS key belongs. 

IAM role

Checkbox

If selected, the IAM role stored in the EC2 instance is used, instead of the normal AWS authentication, to access the S3 bucket. The Access-key ID and Secret key fields are ignored in this case. To create EC2 role, see Configuring an EC2 role for IAM Role in AWS S3 Account.

Cross Account IAM Role

Use this field set

to configure the cross account access

. Learn more about setting up Cross Account IAM Role.

Role ARN

Default value: [None]
Example: arn:aws:s3::test-bucket-sa-sl/*

String/Expression

Specify the Amazon Resource Name of the role to assume.

External ID

Default value: [None]

Example:

String/Expression

Specify an external ID that might be required by the role to assume.

Support IAM role max session duration

Default Value: Deselected

Checkbox

Select this checkbox when you want to extend the maximum session duration of an IAM role defined in AWS. On selecting this checkbox, the cross-account IAM role is assumed with the maximum session duration defined for the IAM role.

When creating an S3 account, if you select the IAM role checkbox, then the following error is displayed on clicking the Validate button.

"Failed to validate account."

When you select the IAM role checkbox and validate the account, an error is displayed.

Ensure that you provide valid Role ARN and External ID values and then click Apply instead of Validate (on the AWS S3 account settings dialog) to use the account.

READ

s3:ListBucket, s3:ListBucketVersions,

and s3:ListBucketMultipartUploads

s3:GetObject

 and s3:GetObjectVersion

WRITE

s3:PutObject

• Bucket owner can create, overwrite, and delete any object in the bucket.

• Object owner

• has FULL_CONTROL

•  over their objects.

In addition, when the grantee is the bucket owner,

granting WRITE

 permission in a bucket ACL allows

the s3:DeleteObjectVersion

 action to be performed on any version in that bucket.

Not applicable.

READ_ACP

s3:GetBucketAcl

s3:GetObjectAcl

 and s3:GetObjectVersionAcl

WRITE_ACP

s3:PutBucketAcl

s3:PutObjectAcl

 and s3:PutObjectVersionAcl

FULL_CONTROL

Equivalent to

granting READ, WRITE, READ_ACP,

and WRITE_ACP

 ACL permissions. Accordingly, this ACL permission maps to a combination of corresponding access policy permissions.

Equivalent to

granting READ, READ_ACP,

and WRITE_ACP

 ACL permissions. Accordingly, this ACL permission maps to a combination of corresponding access policy permissions.