S3 Dynamic Account
In this article
Overview
You can use this account type to connect Binary Snaps with data sources that use an S3 account.
Expression-enabled authentication fields, such as Username, Password, and Client Secret, support Secrets Management, a SnapLogic add-on that allows you to store endpoint credentials in a third-party secrets manager, such as AWS Secrets Manager, Azure Key Vault, or HashiCorp Vault. During validation and execution, pipelines obtain the credentials directly from the secrets manager. Learn more: Configure Accounts to use secrets.
Prerequisites
The s3:ListAllMyBuckets
 permission is required to successfully validate an S3 account. Refer to the Account Permissions section below for additional permissions required for the target resources based on the task to be performed.
Account Settings
Â
Asterisk (*): Indicates a mandatory field.
Suggestion icon (): Indicates a list that is dynamically populated based on the configuration.
Expression icon (): Indicates whether the value is an expression (if enabled) or a static value (if disabled). Learn more about Using Expressions in SnapLogic.
Add icon (): Indicates that you can add fields in the fieldset.
Remove icon (): Indicates that you can remove fields from the fieldset.
Field Name | Field Type | Description | |
---|---|---|---|
Label Default Value: None | String | Specify a unique label for the account. | |
Access-key ID Default Value: None | String/Expression  | The Access key ID part of AWS authentication. | |
Secret key Default Value: [None] | String/Expression  | The Secret key part of AWS authentication. | |
Security Token Default value: [None | String/Expression | The Security token part of AWS Security Token Service (STS) credentials. | |
Server-side encryption Default value: Not Selected | Checkbox | The type of encryption to use for the objects stored in S3. For Snaps that write objects to S3, this field defines how the objects will be encrypted. For Snaps that read objects from S3, this field is not required. | |
KMS Encryption type Default value: None | Dropdown list  | The AWS Key Management Service key used to encrypt S3 objects. It can be the key ID or ARN. The available options are:
For Snaps that write objects to S3, this is required for encryption types Server-Side encryption with AWS KMS-Managed Keys and Client-Side encryption with AWS KMS-Managed Keys. For Server-Side encryption, the key must be in the same region as the S3 bucket. For Client-Side encryption, a key from any region can be used by using the key ARN value. If a key ID is used for Client-Side encryption, it defaults to the us-east-1 region. For Snaps that read objects from S3, this field is not required. | |
KMS key Default value: None | String/Expression  | The AWS Key Management Service key used to encrypt S3 objects. It can be the key ID or ARN. For Snaps that write objects to S3, this is required for encryption types Server-Side encryption with AWS KMS-Managed Keys and Client-Side encryption with AWS KMS-Managed Keys. For Server-Side encryption, the key must be in the same region as the S3 bucket. For Client-Side encryption, a key from any region can be used by using the key ARN value. If a key ID is used for Client-Side encryption, it defaults to the us-east-1 region. For Snaps that read objects from S3, this field is not required. | |
KMS region Default value:Â None | String/Expression | The AWS region where the KMS key is located. | |
Cross Account IAM Role | Use this field set to manage account access. Learn more about setting up Cross Account IAM Role. | ||
Role ARN Default value:Â None | String/Expression | The Amazon Resource Name of the role to assume. Â | |
External ID Default value:Â None | String/Expression | An optional external ID that might be required by the role to assume. Â | |
Support IAM role max session duration | Checkbox | Select this checkbox when you want to extend the maximum session duration of an IAM role defined in AWS. On selecting this checkbox, the cross account IAM role is assumed with the maximum session duration defined for the IAM role. This checkbox is deselected by default. The default maximum session duration for an IAM role is one hour; however, you can define a custom duration between 1-12 hours. Learn how to increase the IAM role maximum session duration limit. |
Â
Â
Have feedback? Email documentation@snaplogic.com | Ask a question in the SnapLogic Community
© 2017-2024 SnapLogic, Inc.