Amazon S3 Connector > Introduction to Amazon S3 Connector > Administration of Amazon S3 Connector

Administration of Amazon S3 Connector

As a user, you can use Amazon S3 Connector after the organization administrator performs the following tasks:

Create Minimal Amazon S3 Bucket Policy

The minimal Amazon S3 bucket policy restricts user operations and user access to particular Amazon S3 buckets by assigning an AWS Identity and Access Management (IAM) policy to users.
You can configure the IAM policy through the AWS console. Use AWS Identity and Access Management (IAM) authentication to securely control access to Amazon S3 resources. If you have valid AWS credentials and you want to use IAM authentication, you do not have to specify the access key and secret key when you create an Amazon S3 connection.
You can use the following minimum required actions for users to successfully read data from and write data to Amazon S3 bucket:
Sample Policy:
"Version": "2012-10-17", "Statement": [
{ "Effect": "Allow", "Action": [ "s3:PutObject", "s3:GetObject", "s3:DeleteObject", "s3:ListBucket", "s3:GetBucketPolicy" ], "Resource": [ "arn:aws:s3:::<specify_bucket_name>/*", "arn:aws:s3:::<specify_bucket_name>" ] }

IAM authentication

Optionally, if you do not provide the access key and the secret key in the connection, Amazon S3 Connector uses AWS credentials provider chain that looks for credentials in the following order:
  1. 1. The AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY or AWS_ACCESS_KEY and AWS_SECRET_KEY environment variables.
  2. 2. The aws.accessKeyId and aws.secretKey java system properties.
  3. 3. The credential profiles file at the default location, ~/.aws/credentials.
  4. 4. The instance profile credentials delivered through the Amazon EC2 metadata service.
You can configure IAM authentication when the Secure Agent runs on an Amazon Elastic Compute Cloud (EC2) system.
Perform the following steps to configure IAM authentication on EC2:
  1. 1. Create minimal Amazon S3 bucket policy.
  2. 2. Create the Amazon EC2 role. The Amazon EC2 role is used when you create an EC2 system. For more information about creating the Amazon EC2 role, see the AWS documentation.
  3. 3. Link the minimal Amazon S3 bucket policy with the Amazon EC2 role.
  4. 4. Create an EC2 instance. Assign the Amazon EC2 role that you created in step #2 to the EC2 instance.
  5. 5. Install the Secure Agent on the EC2 system.
Use IAM authentication for secure and controlled access to Amazon S3 resources when you run a session.