You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
To allow the S3 ingestion source ingest metadata from an S3 bucket, you need to grant the necessary permissions to an IAM user or role. Follow these steps:
4
+
5
+
1.**Create an IAM Policy**: Create a policy that grants read access to the S3 bucket.
6
+
7
+
```json
8
+
{
9
+
"Version": "2012-10-17",
10
+
"Statement": [
11
+
{
12
+
"Sid": "VisualEditor0",
13
+
"Effect": "Allow",
14
+
"Action": [
15
+
"s3:ListBucket",
16
+
"s3:GetBucketLocation",
17
+
"s3:GetObject"
18
+
],
19
+
"Resource": [
20
+
"arn:aws:s3:::your-bucket-name",
21
+
"arn:aws:s3:::your-bucket-name/*"
22
+
]
23
+
}
24
+
]
25
+
}
26
+
```
27
+
28
+
**Permissions Explanation**:
29
+
-`s3:ListBucket`: Allows listing the objects in the bucket. This permission is necessary for the S3 ingestion source to know which objects are available to read.
30
+
-`s3:GetBucketLocation`: Allows retrieving the location of the bucket.
31
+
-`s3:GetObject`: Allows reading the actual content of the objects in the bucket. This is needed to infer schema from sample files.
32
+
33
+
34
+
2.**Attach the Policy to an IAM User or Role**: Attach the created policy to the IAM user or role that the S3 ingestion source will use.
35
+
36
+
37
+
3.**Configure the S3 Ingestion Source**: Configure the user in s3 ingestion who you attached the role above.
0 commit comments