...
Multiexcerpt macro | ||||||
---|---|---|---|---|---|---|
| ||||||
Dynamic Account types support Secrets Management, a SnapLogic add-on that allows you to store endpoint credentials in a third-party secrets manager. Orgs using Secrets Management provide the information necessary to retrieve the secrets in expression-enabled dynamic Account fields. During validation and execution, Pipelines obtain the credentials directly from the secrets manager. Learn more about Dynamic Account types support Secrets Management, a SnapLogic add-on that allows you to store endpoint credentials in a third-party secrets manager. Orgs using Secrets Management provide the information necessary to retrieve the secrets in expression-enabled dynamic Account fields. During validation and execution, Pipelines obtain the credentials directly from the secrets manager. Learn more about Secrets Management. |
Prerequisites
The s3:ListAllMyBuckets
permission is required to successfully validate an S3 account. Refer to the Account Permissions section below for additional permissions required for the target resources based on the task to be performed.
Account Settings
...
Info |
---|
|
Field Name | Field Type | Description | |
---|---|---|---|
Label Default Value: None | String | Specify a unique label for the account. | |
Access-key ID Default Value: None | String/Expression | The Access key ID part of AWS authentication. | |
Secret key Default Value: [None] | String/Expression | The Secret key part of AWS authentication. | |
Security Token Default value: [None | String/Expression | The Security token part of AWS Security Token Service (STS) credentials. | |
Server-side encryption Default value: Not Selected | Checkbox | The type of encryption to use for the objects stored in S3. For Snaps that write objects to S3, this field defines how the objects will be encrypted. For Snaps that read objects from S3, this field is not required. | |
KMS Encryption type Default value: None | Dropdown list | The AWS Key Management Service key used to encrypt S3 objects. It can be the key ID or ARN. The available options are:
For Snaps that write objects to S3, this is required for encryption types Server-Side encryption with AWS KMS-Managed Keys and Client-Side encryption with AWS KMS-Managed Keys. For Server-Side encryption, the key must be in the same region as the S3 bucket. For Client-Side encryption, a key from any region can be used by using the key ARN value. If a key ID is used for Client-Side encryption, it defaults to the us-east-1 region. For Snaps that read objects from S3, this field is not required. | |
KMS key Default value: None | String/Expression | The AWS Key Management Service key used to encrypt S3 objects. It can be the key ID or ARN. For Snaps that write objects to S3, this is required for encryption types Server-Side encryption with AWS KMS-Managed Keys and Client-Side encryption with AWS KMS-Managed Keys. For Server-Side encryption, the key must be in the same region as the S3 bucket. For Client-Side encryption, a key from any region can be used by using the key ARN value. If a key ID is used for Client-Side encryption, it defaults to the us-east-1 region. For Snaps that read objects from S3, this field is not required. | |
KMS region Default value: None | String/Expression | The AWS region where the KMS key is located. | |
Cross Account IAM Role | Use this field set to manage account access. Learn more about setting up Cross Account IAM Role. | ||
Role ARN Default value: None | String/Expression | The Amazon Resource Name of the role to assume. | |
External ID Default value: None | String/Expression | An optional external ID that might be required by the role to assume. | |
Support IAM role max session duration | Checkbox | Select this checkbox when you want to extend the maximum session duration of an IAM role defined in AWS. On selecting this checkbox, the cross account IAM role is assumed with the maximum session duration defined for the IAM role. This checkbox is deselected by default. The default maximum session duration for an IAM role is one hour; however, you can define a custom duration between 1-12 hours. Learn how to increase the IAM role maximum session duration limit. |
Multiexcerpt include macro | ||||
---|---|---|---|---|
|
...