Administration of Amazon S3 Connector
As a user, you can use Amazon S3 Connector after the organization administrator performs the following tasks:
- Mandatory. Create an Access Key ID and Secret Access Key.
- Optional. Enable client-side encryption.
- Optional. Create a minimal Amazon S3 bucket policy for Amazon S3 Connector.
Create an Access Key ID and Secret Access Key
1. Log in to Amazon Web Services and navigate to the Security Credentials page.
2. Expand the Access Keys section, and click Create New Access Key.
3. Click the Show Access Key link.
4. Click Download Key File and save the file on the Secure Agent machine.
Enable Client-side Encryption
An organization administrator must perform the following tasks to enable client-side encryption:
1. Create a master symmetric key, which is a 256-bit AES encryption key in Base64 format.
2. Update the security policy .jar files on each Secure Agent machine in the runtime environment.
Update the local_policy.jar and the US_export_policy.jar files in the following directory: <Secure Agent installation directory>\jre\lib\security. You can download the .jar files that match the Java environment on the Secure Agent machine from the Oracle website.
Create Minimal Amazon S3 Bucket Policy
The minimal Amazon S3 bucket policy grants only the permissions needed for read and write operations against Amazon S3 to succeed.
You can restrict user operations and user access to particular Amazon S3 buckets by assigning an AWS Identity and Access Management (IAM) policy to users. Configure the IAM policy through the AWS console. The following are the minimum permissions a user needs to read data from and write data to an Amazon S3 bucket:
- PutObject
- GetObject
- GetObjectVersion
- DeleteObject
- DeleteObjectVersion
- ListBucket
- GetBucketPolicy
Sample policy. ListBucket and GetBucketPolicy act on the bucket itself, so the bucket ARN must be listed in addition to the object ARN (`<bucket>/*`), which the object-level actions need:

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:PutObject",
        "s3:GetObject",
        "s3:GetObjectVersion",
        "s3:DeleteObject",
        "s3:DeleteObjectVersion",
        "s3:ListBucket",
        "s3:GetBucketPolicy"
      ],
      "Resource": [
        "arn:aws:s3:::<specify_bucket_name>",
        "arn:aws:s3:::<specify_bucket_name>/*"
      ]
    }
  ]
}
```
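The following check, added here as an example and not part of the Informatica documentation, compares a policy document against the minimal action set above: it flags missing or extra actions, unscoped resources such as `"*"`, and bucket-level actions that were granted only on `<bucket>/*`. The bucket name `demo-bucket` and the `sample_policy` helper are constructed for the example.

```python
import json

# Minimum actions the page lists for reading from and writing to the bucket.
REQUIRED_ACTIONS = {
    "s3:PutObject", "s3:GetObject", "s3:GetObjectVersion",
    "s3:DeleteObject", "s3:DeleteObjectVersion",
    "s3:ListBucket", "s3:GetBucketPolicy",
}
# These two act on the bucket itself, so they need the bare bucket ARN, not <bucket>/*.
BUCKET_LEVEL = {"s3:ListBucket", "s3:GetBucketPolicy"}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def check_policy(policy_json: str, bucket: str) -> list:
    """Compare a policy to the page's minimal set; return findings (empty list = OK)."""
    bucket_arn = f"arn:aws:s3:::{bucket}"
    granted = {}  # action -> set of resource ARNs it is allowed on
    for stmt in _as_list(json.loads(policy_json).get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements never widen access; not assessed here
        for action in _as_list(stmt["Action"]):
            granted.setdefault(action, set()).update(_as_list(stmt["Resource"]))
    findings = []
    for action, resources in sorted(granted.items()):
        if action not in REQUIRED_ACTIONS:
            findings.append(f"extra action {action} exceeds the minimal set")
        if any(r in ("*", "arn:aws:s3:::*") for r in resources):
            findings.append(f"{action} is not scoped to bucket {bucket}")
    for action in sorted(REQUIRED_ACTIONS):
        wanted = bucket_arn if action in BUCKET_LEVEL else bucket_arn + "/*"
        if wanted not in granted.get(action, set()):
            findings.append(f"{action} must be granted on {wanted}")
    return findings


def sample_policy(actions, resources) -> str:
    """Constructed helper: build a one-statement policy document for testing."""
    return json.dumps({"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": list(actions), "Resource": list(resources)}]})


# Constructed samples for the hypothetical bucket "demo-bucket".
AS_PRINTED = sample_policy(sorted(REQUIRED_ACTIONS),  # object ARN only
                           ["arn:aws:s3:::demo-bucket/*", "arn:aws:s3:::demo-bucket/*"])
CORRECTED = sample_policy(sorted(REQUIRED_ACTIONS),   # bucket ARN plus object ARN
                          ["arn:aws:s3:::demo-bucket", "arn:aws:s3:::demo-bucket/*"])

if __name__ == "__main__":
    print(check_policy(AS_PRINTED, "demo-bucket"))  # two bucket-level findings
    print(check_policy(CORRECTED, "demo-bucket"))   # []
```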