Attach an Amazon Web Services (AWS) volume (IAM role)
Overview
Attach a volume for use on the Platform's visual interface. Use this tutorial if your cloud storage provider is Amazon Web Services (AWS).
Prerequisites
- An Amazon Web Services (AWS) account.
- One or more buckets on this AWS account.
Step 1: Access the Volumes Dashboard
- Click on the Data tab of the top navigation bar.
- Select Volumes from the drop-down menu.
Step 2: Choose a cloud storage provider
- On the Volumes Dashboard, click +Attach volume.
- Select Amazon Web Services as your cloud storage provider.
Step 3: Provide S3 bucket details
- Enter your S3 bucket name, as displayed in the AWS Management Console.
- (Optional) Define a new name for the volume created from this S3 bucket on the Platform.
- (Optional) Enter a description for your volume.
- Select access privileges: choose between Read only (RO) and Read and Write (RW) permissions.
- (Optional) Enter a prefix. Learn more about prefixes.
- Click Next.
Step 4: Copy the policy
In this step, copy the policy and use it to create a new custom policy in the AWS Management Console.
- Copy the policy from the text box on the Platform.
- Go to the AWS Management Console.
- In the top menu select Services and then choose IAM.
- In the left navigation menu select Policies.
- Click Create policy and select the JSON tab.
- Paste the policy you copied from the wizard on the Platform, replacing the existing content.
- Click Next: Tags.
- (Optional) Add tags that will help you identify the policy.
- Click Next: Review.
- Enter a policy name, e.g. sb-access-policy (remember this policy name as you will need to attach it later to the IAM role).
- (Optional) Enter the policy description.
- Click Create policy to finish creating the policy.
Step 5: Set up an IAM role and enter its details
The Platform authenticates to AWS through AWS Identity and Access Management (IAM).
Follow these steps to create an AWS IAM role that you will use to connect an S3 bucket (volume) to the Platform:
- Log in to the AWS Management Console.
- In the top menu select Services and then choose IAM.
- In the left navigation menu select Roles, and then choose Create role.
- In the Select type of trusted entity section, choose Another AWS account.
- Enter the following values:
- Account ID: 769038186821
- Check Require External ID and enter an External ID of at least 6 characters (strongly recommended).
- Click Next: Permissions.
- Use the search bar to find and select the policy you created earlier (e.g. sb-access-policy).
- Click Next: Tags.
- (Optional) Add tags to the role. These are key-value pairs that contain additional information about the IAM role and are not necessary for the process of attaching a volume to the Platform.
- Click Next: Review.
- Enter Role name and its optional description.
- Click Create role to complete the process of role creation. The list of all available roles opens.
- Click the name of your newly created role to see the necessary details.
- Copy the value of Role ARN and paste it in the corresponding field of the volume connection wizard on the Platform.
- In the AWS Management Console, under the Trust relationships tab click Edit trust relationship.
- Copy the value of sts:ExternalId and paste it in the corresponding field of the volume connection wizard on the Platform.
- On the Platform, copy the generated policy from the text box at the bottom of the wizard.
- Go back to the AWS Management Console.
- Under the Trust relationships tab for your IAM role, click Edit trust relationship and replace the Policy Document with the copied policy.
- Click Update Trust Policy to save the update.
- On the Platform, click Next in the volume connection wizard.
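After saving the trust policy in Step 5, you can check that the role is assumable only from the account ID given above and only with an External ID of the stated minimum length. The following Python check is an added example, not code from the Platform; the sample policies are constructed for illustration, and the policy the wizard generates may differ in shape (for example, a more specific principal in the same account).

```python
import json
import re

PLATFORM_ACCOUNT = "769038186821"  # Account ID given in Step 5 of this page
MIN_EXTERNAL_ID_LEN = 6            # minimum External ID length given in Step 5

def _as_list(value):
    """IAM accepts a single value or a list in most fields; normalise to a list."""
    return [] if value is None else value if isinstance(value, list) else [value]

def _principal_account(principal):
    """Return the 12-digit account of an AWS principal string, or None (e.g. '*')."""
    m = re.fullmatch(r"(?:arn:aws[\w-]*:(?:iam|sts)::)?(\d{12})(?::.+)?", principal)
    return m.group(1) if m else None

def audit_trust_policy(policy_json):
    """Return findings for a role trust policy; an empty list means it passed."""
    findings, allows = [], 0
    for i, stmt in enumerate(_as_list(json.loads(policy_json).get("Statement"))):
        actions = {a.lower() for a in _as_list(stmt.get("Action"))}
        if stmt.get("Effect") != "Allow" or not actions & {"sts:assumerole", "sts:*", "*"}:
            continue
        allows += 1
        principal = stmt.get("Principal")
        aws = _as_list(principal.get("AWS")) if isinstance(principal, dict) else []
        if not aws or set(principal) != {"AWS"}:
            findings.append(f"statement {i}: principal is not limited to AWS account principals")
        for p in aws:
            if _principal_account(p) != PLATFORM_ACCOUNT:
                findings.append(f"statement {i}: principal {p!r} is outside account {PLATFORM_ACCOUNT}")
        equals = (stmt.get("Condition") or {}).get("StringEquals", {})
        ext_ids = [v for k, vals in equals.items() if k.lower() == "sts:externalid"
                   for v in _as_list(vals)]
        if not ext_ids:
            findings.append(f"statement {i}: no StringEquals condition on sts:ExternalId")
        elif any(len(str(v)) < MIN_EXTERNAL_ID_LEN for v in ext_ids):
            findings.append(f"statement {i}: External ID shorter than {MIN_EXTERNAL_ID_LEN} characters")
    return findings if allows else ["no Allow statement for sts:AssumeRole"]

def _sample(principal, condition=None):
    """Constructed sample trust policy (not the Platform's generated one)."""
    stmt = {"Effect": "Allow", "Principal": principal, "Action": "sts:AssumeRole",
            "Condition": condition or {}}
    return json.dumps({"Version": "2012-10-17", "Statement": [stmt]})

ROOT = {"AWS": f"arn:aws:iam::{PLATFORM_ACCOUNT}:root"}
GOOD = _sample(ROOT, {"StringEquals": {"sts:ExternalId": "constructed-id-1234"}})
NO_EXTERNAL_ID = _sample(ROOT)
WILDCARD = _sample({"AWS": "*"}, {"StringEquals": {"sts:ExternalId": "abc"}})
```

To audit a real role, pass the JSON shown under the role's Trust relationships tab to `audit_trust_policy`.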
Step 6: Configure additional options
In this tab, you have the option to configure the endpoint, server-side encryption, and AWS Canned ACL.
Step 7: Review volume details
On this tab, review the details for your volume and click Connect.
Next step
Congratulations! You've attached your volume to the Platform. You can make individual data objects within it available as "aliases" on the Platform. Aliases point to files stored on your cloud storage bucket and can be copied, executed, and organized like normal files on the Platform. We call this operation "importing".