> ## Documentation Index
> Fetch the complete documentation index at: https://docs.visual-layer.com/llms.txt
> Use this file to discover all available pages before exploring further.
# Amazon S3 Integration
> Configure IAM policies and roles to securely connect Visual Layer with your private S3 buckets.
This guide explains how to configure AWS IAM policies and roles to grant Visual Layer secure access to your private S3 buckets.
## AWS Access Control Requirements
Visual Layer requires the following permissions on an S3 bucket to access files:
* `s3:GetBucket`
* `s3:GetObject`
* `s3:GetObjectVersion`
* `s3:ListBucket`
## Create an IAM Policy
Configure access permissions for Visual Layer in your AWS Management Console.
1. Log into the AWS Management Console.
2. From the home dashboard, search for and select **IAM**.
3. From the left-hand navigation pane, select **Account settings**.
4. From the left-hand navigation pane, select **Policies**.
5. Select **Create Policy**.
6. For **Policy editor**, select **JSON**.
7. Add a policy document that will allow Visual Layer to access the S3 bucket by copying and pasting the following text into the policy editor.
Replace `` with your actual bucket name.
```json theme={"theme":"monokai"}
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:GetObject",
"s3:GetObjectVersion"
],
"Resource": "arn:aws:s3:::/*"
},
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetBucket*"
],
"Resource": "arn:aws:s3:::"
}
]
}
```
## Create the IAM Role
Configure the IAM role that Visual Layer will assume to access your bucket.
1. From the left-hand navigation pane in the Identity and Access Management (IAM) Dashboard, select **Roles**.
2. Select **Create role**.
3. Select **AWS account** as the trusted entity type.
4. In the **Account ID** field, enter your own AWS account ID temporarily. You will modify the trust relationship later to grant access to Visual Layer.
5. Select the **Require external ID** option. An external ID is used to grant access to your AWS resources (such as S3 buckets) to a third party like Visual Layer. Enter a placeholder ID such as 0000.
6. Click **Next**.
7. Select the policy you created above and click **Next**.
8. Enter a name and description for the role, then select **Create role**.
9. On the role summary page, locate and record the **Role ARN** value for later use.
You have now created an IAM policy for a bucket, created an IAM role, and attached the policy to the role.
## Grant IAM User Permissions
Configure the trust relationship to allow Visual Layer to assume the IAM role.
1. Log in to the AWS Management Console.
2. Select **IAM**.
3. From the left-hand navigation pane, select **Roles**.
4. Select the role you created above.
5. Select the **Trust Relationships** tab.
6. Select **Edit Trust Policy** and insert the following policy document.
```json theme={"theme":"monokai"}
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::027730031917:root"
},
"Action": "sts:AssumeRole",
"Condition": {}
}
]
}
```
7. Select **Update Policy** to save your changes.
## Send the Role ARN to Visual Layer
After creating and configuring your IAM role, send the Role ARN to Visual Layer for configuration.
1. Go to the summary page of the IAM Role you created above.
2. Locate and record the Role ARN value.
3. Send it to [support@visual-layer.com](mailto:support@visual-layer.com) with the subject line "Private S3 bucket."
4. Visual Layer will review and confirm receipt of your configuration.
## Create a Dataset
Once Visual Layer confirms your IAM role configuration, you can create a dataset using your private S3 bucket.
1. [Create a new Dataset](/docs/quick-start/tutorial-create-dataset).
2. Select "Public S3 Bucket" as the data source.
3. Insert the URL to your private AWS S3 bucket.
## Related Resources
Configure GCS bucket access for Visual Layer
Step-by-step guide to creating datasets