Data Lake Authentication Options for S3
Project Data Credentials with Access Key/IAM Role
To authenticate using Project Data Credentials:
- For Authentication Method, select Project Data Credentials. Note that the IAM role that is used in the project data is shown under Modify Project Data Credentials.
- Under Policy JSON, copy the Policy JSON template and append to the existing IAM policy associated with the project role/user shown in the previous step. Alternatively, you can create a new IAM policy and attach it to the project role/user. For steps on how to attach new permission policies to an existing IAM role/user, see Set up AWS IAM Permissions.
Go back to the General tab configuration.
Data Source Credentials with Access Key
For authentication using Data Source Credentials with Access Key:
- For Authentication Method, select Data Source Credentials.
- For Create IAM Role or Access Key, select Access Key.
- Under Policy JSON, use the JSON template to create an IAM user with Access Key. Attach a policy to access the S3 source. For steps, see create an IAM user. Skip this step if you have already created an IAM user in the previous section.
- For Access Key ID, enter the access key ID that is specific to the S3 source.
- For Secret Access Key, enter the secret access key that is specific to the S3 source.
- (Optional) For Role ARN, enter the ARN of the IAM role the access key should assume.
Go back to the General tab configuration.
Data Source Credentials with IAM Role
For authentication using Data Source Credentials with a new IAM role:
- For Authentication Method, select Data Source Credentials.
- For Create IAM Role or Access Key, select IAM Role.
- Under Policy JSON, use the JSON template to create an IAM role for the S3 source. For steps, see create an IAM role. Skip this step if you have already created an IAM role in the previous section.
- For Role ARN, enter the role ARN for the source to assume the role.
- Under Modify Project Data Credentials, the IAM role/user associated with the project is shown.
- Under Policy JSON, use the JSON template to modify the project data role/user shown in the previous step to give it permissions to assume the IAM role you created for this source. For steps on how to attach new permission policies to an existing IAM role, see setting up AWS permissions.