/
Amazon S3

Amazon S3

With the Amazon S3 Collector and Amazon S3 Forwarder functions you can send and receive data to and from Amazon S3 buckets.

Before using the functions you must ensure that the Amazon S3 bucket(s) are setup using an IAM policy with the following minimum content:

{ "Version": "2012-10-17", "Statement": [ { "Sid": "AllowGetPutDelete", "Effect": "Allow", "Action": [ "s3:GetObject*", "s3:PutObject*", "s3:DeleteObject*", "s3:AbortMultipartUpload", "s3:ListMultipartUploadParts" ], "Resource": "arn:aws:s3:::<bucket-name>/*" }, { "Sid": "AllowListingBucket", "Effect": "Allow", "Action": [ "s3:ListBucket", "s3:ListBucketMultipartUploads" ], "Resource": "arn:aws:s3:::<bucket-name>" } ] }

"Resource": "arn:aws:s3:::<bucket-name>/*" means that actions in a statement are applicable to all objects in the S3 bucket arn:aws:s3:::<bucket-name>.

If you only want to share a certain key (folder) in the S3 bucket, you can specify the folder after the bucket name like this: arn:aws:s3:::<bucket-name>/<directory-to-share>/* in the Resource section, but this is only applicable for the AllowGetPutDelete statement.

Warning!
It is not recommended to use the AWS-managed policy AmazonS3FullAccess since this will allow all actions on all buckets and objects!

See https://docs.aws.amazon.com/s3/ for more information on how to set up IAM policies.

To connect to your bucket, you need to have your Access Key and Secret Access Key, see AWS security credentials - AWS Identity and Access Management for information on how to find this information. You also need to enter the folder from or to which you are collecting or sending data.

See Stream using Amazon S3 Functions - Acme EV for an example of how the Amazone S3 collector and forwarder can be used in a stream.

Common Configurations

For both functions, you need to configure AWS Credentials and File location.

AWS Credentials

The AWS Credentials can either be specified directly in the configuration dialog for the functions, or in an AWS Secret in the Secrets wallet, and must contain:

Setting

Description

Setting

Description

Access Key

The identifier used to sign the requests sent to Amazon S3, is referenced by S3 as the Access Key ID

Secret Key

The Secret Key is used in conjunction with the Access Key to cryptographically sign Amazon AWS requests. When you create the Access Key in Amazon S3 you can view and download the Secret Key. S3 references this as the Secret Access Key.

File location

The File location settings include:

Setting

Description

Setting

Description

Bucket

</