AWS S3

Source and destination

Polytomic offers the following methods for connecting to S3:

  • AWS Access Key ID and Secret
  • AWS IAM role

Each method is covered in its respective section below.

Connecting with an AWS Access Key ID and Secret

  1. In Polytomic, go to ConnectionsAdd ConnectionS3.
  2. For Authentication method, select Access Key and Secret.
Connecting to S3 with Access Key ID and Secret
  1. Enter the following information:
  • AWS Access ID.

  • AWS Secret Access Key.

  • S3 bucket region (e.g. us-west-1).

  • S3 bucket name.

    The S3 bucket name may contain an optional path which will limit access to a subset of the bucket. For example, the bucket name output/customers will limit Polytomic to the customers directory in the output bucket.

  1. Click Save.

Connecting with an AWS IAM Role

  1. In Polytomic, go to ConnectionsAdd ConnectionS3.
  2. For Authentication method, select IAM role.
  1. Enter values for the following fields:
  • IAM Role ARN.
  • S3 bucket region (e.g. us-west-1).
  • S3 bucket name.
    The S3 bucket name may contain an optional path which will limit access to a subset of the bucket. For example, the bucket name output/customers will limit Polytomic to the customers directory in the output bucket.
  1. Click Save.

S3 Permissions

Polytomic requires the following permissions on S3 buckets and their contents:

  • s3:ReplicateObject
  • s3:PutObject
  • s3:GetObject
  • s3:ListBucket
  • s3:DeleteObject

For example, a valid IAM policy for a bucket syncoutput would be as follows.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "PolytomicBucket",
            "Effect": "Allow",
            "Action": [
                "s3:ReplicateObject",
                "s3:PutObject",
                "s3:GetObject",
                "s3:ListBucket",
                "s3:DeleteObject"
            ],
            "Resource": [
                "arn:aws:s3:::syncoutput/*",
                "arn:aws:s3:::syncoutput"
            ]
        }
    ]
}