Establishing the Connection to the S3 Storage System


A Connection object contains the parameters that make the communication between the Agent and the target system possible. These parameters (target system endpoint, login data and so on) are required to authenticate on and connect to the target cloud solution.

As an administrator user, you create the S3 Connection objects that provide the login data required to establish the connection to the AWS S3 or GCS system.

As a developer or object designer, you assign the relevant S3 Connection object to the Copy, Delete, Download, Exist, Monitor, Move and Upload File Jobs to create and execute them on the S3 system without leaving the Automic Web Interface.

The Connection Object definition consists of an Agent-specific page and other pages that are common to all Connection objects.

This topic explains how to configure the S3 Connection object.

S3 Page

The S3-specific page consists of the Connection section, which allows you to define the parameters relevant for the connection to the S3 system.

The definition of the Connection object depends on the Cloud Storage Type that you select. The ones available are:

  • AWS to connect to an AWS S3 storage system

  • GCS to connect to a Google Cloud Storage system

Connecting to AWS S3 Storage System

Make sure you select AWS as your Cloud Storage Type and continue with the definition of the object.

  • Endpoint: Endpoint for the region in which the S3 bucket is located, for example https://s3.us-east-2.amazonaws.com.

    Make sure that the URL does not have a slash at the end as that causes the authentication to fail.

  • Credentials Method: Select one of the credential methods available:

    AWS Credentials File Path

    • Profile Name: Define the credential profile name.

    • Credentials File Path: Specify the file location of the AWS credential file on the agent machine.

      Example

      Windows: C:\Users\user\Documents\AWS\credential

      UNIX: /home/user/aws/credentials

    EC2 Profile Instance

    Allows you to connect to an EC2 VM within an AWS cloud application.

    • Profile Instance Name: Define the credentials used for authentication on the EC2 server.

    Note:

    To use this option, you must have an EC2 instance profile. For instructions on how to set it up, please refer to the official AWS documentation.

    Secret Access Key

    • Access Key: Define the access key.

    • Secret Access Key: Define the encrypted access key secret value.

    External Provider

    Allows you to set up single sign-on (SSO) with SAML using either a service or an identity provider.

    Note:

    Azure is the identity provider supported. To set it up as your AWS identity provider, please refer to the official Azure and AWS documentation.

    Define the authentication data required to access the AWS system using single sign-on (SSO):

    • Tenant ID: Identifier of the Azure AD tenant.

    • Authentication URL: URL that identifies the network address of the Azure AD used to secure the application.

      By default, the URL (https://login.microsoftonline.com) points to the Azure AD login. If you do not want to use this URL, make sure you change the default definition.

    • SAML Username: Username used for SAML authentication when setting up Azure as your AWS identity provider.

    • SAML Password: Password for the user used for SAML authentication.

    • Principal ARN: Enter the Amazon Resource Name (ARN) of the account's principal.

    • Role ARN: Enter the Amazon Resource Name (ARN) of the role to be assumed by the user.

    • Identity Provider: Azure is the identity provider supported.

    Assume Role

    Allows you to temporarily assume a role and access different services with the credentials of that role.

    • Access Key: Define the access key.

    • Secret Access Key: Define the encrypted access key secret value.

    • Role ARN: Enter the Amazon Resource Name (ARN) of the role to be assumed by the user.

    • Role Session Name: Define a name for the respective session to differentiate it from other sessions that you might have using the same assumed role.
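
A pre-flight check for the Endpoint and AWS Credentials File Path settings described above, as an added example that is not part of the Automic documentation: it flags a trailing slash on the endpoint, a credentials file that other users on the agent machine can access, and a missing profile. The profile name automic-agent and the key values are constructed placeholders.

```python
import configparser
import os
import stat
import tempfile
from urllib.parse import urlsplit

def check_endpoint(endpoint):
    """Problems with the Endpoint value (empty list means none found)."""
    parts = urlsplit(endpoint)
    problems = []
    if parts.scheme != "https" or not parts.hostname:
        problems.append("endpoint is not an https URL with a host")
    if endpoint.endswith("/"):
        problems.append("endpoint ends with a slash")
    return problems

def check_credentials_file(path, profile):
    """Problems with the credentials file and the named profile."""
    if not os.path.isfile(path):
        return ["credentials file not found"]
    problems = []
    # POSIX only: the file holds a long-term secret; owner-only access.
    if os.name == "posix" and stat.S_IMODE(os.stat(path).st_mode) & 0o077:
        problems.append("credentials file is accessible to group or others")
    parser = configparser.ConfigParser(interpolation=None)
    parser.read(path)
    if not parser.has_section(profile):
        return problems + ["profile not found: " + profile]
    for key in ("aws_access_key_id", "aws_secret_access_key"):
        if not parser.get(profile, key, fallback="").strip():
            problems.append("profile is missing " + key)
    return problems

def demo():
    """Run the file check on a constructed credentials file."""
    # Constructed sample values, not real keys; profile name is hypothetical.
    sample = ("[automic-agent]\n"
              "aws_access_key_id = EXAMPLEACCESSKEYID\n"
              "aws_secret_access_key = example-secret-value\n")
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "credentials")
        with open(path, "w") as fh:
            fh.write(sample)
        os.chmod(path, 0o644)  # deliberately too permissive
        loose = check_credentials_file(path, "automic-agent")
        os.chmod(path, 0o600)
        tight = check_credentials_file(path, "automic-agent")
        missing = check_credentials_file(path, "default")
    return loose, tight, missing
```

Run the two check functions on the agent machine, as the user the Agent runs under, against the same values entered in the Connection object.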

Connecting to GCS Storage System

Make sure you select GCS as your Cloud Storage Type and continue with the definition of the object.

  • Endpoint: The login URL for the Google Cloud Storage application to which you want to connect.

    By default, the URL (https://storage.googleapis.com) points to the GCS login. If you do not want to use this URL, make sure you change the default definition.

  • Credentials Method

    Service Account Key

    Select how to provide the relevant authentication information for the service account:

    • File Path

      Enter the file path to the JSON file that contains the authentication information. Make sure that the file is available on the Agent machine (host).

    • JSON

      Enter the JSON payload definition.

Proxy Section

If the AWS S3 or GCS S3 system is behind a proxy server, you define the parameters relevant for the connection to that system in this section.

  • Proxy Host Name

    Host name or IP address of the proxy server to which you want to connect.

  • Proxy Port

    Port used by the proxy server.

  • Proxy Username

    User name used to authenticate on the proxy server.

  • Proxy Password

    Password of the user used to authenticate on the proxy server.

Common Definition Pages

In addition to the Agent-specific connection parameters, you can also specify optional properties. You do so on the following definition pages:
