Amazon S3 Connector Guide > Amazon S3 Connections > Amazon S3 Connection Properties
  

Amazon S3 Connection Properties

IAM authentication provides secured access to Amazon S3 resources. You can use the AWS IAM system to map policies to IAM roles or external resources and to determine the list of permissions that can be assigned to the IAM roles.
Note: The IAM role that you configure in the Amazon S3 connection properties will have access to all the queues that you include in the Amazon S3 event source and event target properties. You must create a separate app connection to configure an IAM role to access a different set of Amazon S3 queues.
When you select Amazon S3 as the connection type, you can configure Amazon S3 specific connection properties. The following table defines the Amazon S3 connection properties that you must configure in the Connection Properties section:
AWS Signature Settings
Description
Access Key ID
AWS access key ID of the requester. Alternatively, you can pass the following access key in the AWS SDK in the Java system properties:
aws.accessKeyId
You can pass the key using the AWS_ACCESS_KEY_ID environment variable.
Secret Access Key
AWS secret key of the requester. Alternatively, you can pass the following secret key in the AWS SDK in the Java system properties:
aws.secretKey
You can pass the secret key using the AWS_SECRET_ACCESS_KEY environment variable.
Use EC2 Role to Assume Role
Enables the EC2 role to assume another IAM role specified in the IAM Role ARN option.
IAM Role ARN
The Amazon Resource Name (ARN) of the AWS Identity and Access Management (IAM) role assumed by the user to use the dynamically generated temporary security credentials.
External Id
Provides a more secure access to the Amazon S3 bucket when the Amazon S3 bucket is in a different AWS account. You can use external ID to grant access to your AWS resources to a third party.
The following table describes the Amazon S3 policy and region settings, which apply to all event sources and event targets in the connection:
Amazon S3 Settings
Description
Policy
Optional. The bucket policy (using the JSON-based access policy language required by Amazon) to be applied to any new bucket created by the process.
Amazon S3 Endpoint
Optional. The region-specific website endpoint where the S3 bucket must reside if the process creates a new bucket. For example:
s3-website-us-east-1.amazonaws.com
Region
Optional. The region where a new bucket must be located. For example:
us-east1
Some regions support Amazon S3 buckets that support both Signature Version 2 and Signature Version 4 authentications. By default, the connection uses the Signature Version 2 authentication.
You must specify the target region explicitly in the Amazon S3 Endpoint field to run a process to read or write data to an Amazon S3 bucket that requires Signature Version 4 authentication. Else, the connection uses the Signature Version 2 authentication and the mapping fails. For more information about the Amazon S3 bucket regions support, see Amazon S3 documentation.
The following table describes the client-side encryption settings, which apply to all event sources and event targets in the connection:
Client-Side Encryption Settings
Description
Use Data Encryption
If you select Yes, the content of the S3 objects will be decrypted and encrypted by event sources and targets.
Default is No.
Encryption Algorithm
Optional. Encryption algorithm that must be used to decrypt and encrypt the S3 objects.
Encryption Key
Optional. Base64-encoded secret key that must be used for encryption. The length of the key must match the required key length of the selected encryption algorithm (AES - 128, 192 or 256 bits; DES - 64 bits; 3DES - 192 bits).
Encryption Password
Optional. Encryption password that should be used to generate an encryption key. You can either enter the encryption key or generate the key using this parameter. If both parameters are provided, the encryption key is used.