Cloud Read/Write Permissions
- reference
This page outlines the required read and write permissions when copying data to or from external cloud providers.
Exclusive permissions are required when reading from cloud storage using External Collections or writing to cloud storage using COPY TO statements.
AWS Simple Storage Service (S3)
Read Permissions
Read permissions are needed when reading from cloud storage using External Collections. To grant the required permissions, follow these steps:
First, create a policy that has the desired permissions:
-
Go to the AWS Console.
-
From the Dashboard, select IAM.
-
Select Policies.
-
Select Create Policy.
-
In the Policy Editor, select JSON.
-
Paste the following policy:
-
s3:ListBucket permission -
s3:GetObject permission{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "s3:GetObject" ], "Resource": "arn:aws:s3:::your-bucket-name/*" }, { "Effect": "Allow", "Action": "s3:ListBucket", "Resource": "arn:aws:s3:::your-bucket-name" } ] }
-
-
Give the policy a name and create the policy.
-
Attach the policy to the desired IAM User or Role.
It grants the selected permissions to the selected resources in the policy.
Read and Write Permissions
Read and write permissions are needed when writing to cloud storage using COPY TO statements.
-
Go to the AWS Console.
-
From the Dashboard, select IAM.
-
Select Policies.
-
Select Create Policy.
-
In the Policy Editor, select JSON.
-
Paste the following policy:
-
s3:ListBucket permission -
s3:GetObject permission -
s3:PutObject permission -
s3:DeleteObject permission
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "s3:GetObject", "s3:PutObject", "s3:DeleteObject" ], "Resource": "arn:aws:s3:::your-bucket-name/*" }, { "Effect": "Allow", "Action": "s3:ListBucket", "Resource": "arn:aws:s3:::your-bucket-name" } ] } -
You have granted all necessary permissions.