Preparing a private AWS S3 bucket
Step 1: Configure access permissions for the S3 bucket
AWS access control requirements
VisualLayer requires the following permissions on an S3 bucket to be able to access files in the bucket:
- s3:GetBucket*
- s3:GetObject
- s3:GetObjectVersion
- s3:ListBucket
Creating an IAM policy
The following step-by-step instructions describe how to configure access permissions for VisualLayer in your AWS Management Console so that you can use an S3 bucket to load and unload data:
-
Log into the AWS Management Console
-
From the home dashboard, search for and select IAM
-
From the left-hand navigation pane, select Account settings
-
From the left-hand navigation pane, select Policies
-
Select Create Policy
-
For Policy editor, select JSON
-
Add a policy document that will allow VisualLayer to access the S3 bucket. Copy and paste the text into the policy editor:
Make sure to replace <bucket> with your actual bucket name
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:GetObject",
"s3:GetObjectVersion"
],
"Resource": "arn:aws:s3:::<bucket>/*"
},
{
"Effect": "Allow",
"Action": [
"s3:ListBucket",
"s3:GetBucket*"
],
"Resource": "arn:aws:s3:::<bucket>"
}
]
}
Step 2: Create the IAM Role in AWS
To configure access permissions for VisualLayer in the AWS Management Console, do the following:
-
From the left-hand navigation pane in the Identity and Access Management (IAM) Dashboard, select Roles
-
Select Create role
-
Select AWS account as the trusted entity type
-
In the Account ID field, enter your own AWS account ID temporarily. Later, you modify the trust relationship and grant access to VisualLayer
-
Select the Require external ID option. An external ID is used to grant access to your AWS resources (such as S3 buckets) to a third party like VisualLayer. Enter a placeholder ID such as 0000
-
In a later step, you will modify the trust relationship for your IAM role and specify the external ID for your storage integration and click Next
-
Select the policy you created in Step 1 and click Next
-
Enter a name and description for the role, then select Create role. You have now created an IAM policy for a bucket, created an IAM role, and attached the policy to the role
-
On the role summary page, locate and record the Role ARN value, you will be asked to send it to us in step 4
Step 3: Grant the IAM User Permissions to Access Bucket Objects
The following step-by-step instructions describe how to configure IAM access permissions for VisualLayer in your AWS Management Console so that you can use a S3 bucket:
-
Log in to the AWS Management Console
-
Select IAM
-
From the left-hand navigation pane, select Roles
-
Select the role you created in Step 2
-
Select the Trust Relationships tab
-
Select Edit Trust Policy and insert the following:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::027730031917:root"
},
"Action": "sts:AssumeRole",
"Condition": {}
}
]
}
- Select Update Policy to save your changes
Step 4: Send us the Role ARN value
- Go to the summary page of the IAM Role you created on step 2
- Locate and record the Role ARN value, and send it to [email protected] with the title "Private S3 bucket"
- Wait for us to review and confirm this was received and configured
Step 5: Create a Dataset
- Create a new Dataset
- Select ״Public S3 Bucket״ as the data source
- Insert the URL to your private AWS S3 bucket
Updated 5 months ago