Amazon S3
This section provides a description of the script components for Cloud > Amazon S3.
IAM access permissions
When you use Amazon S3 connectors, appropriate permissions are required for each account that is used to connect to an Amazon Web Services service.
Amazon S3 connectors require the following IAM access permissions:
Connections
| Action name | Remarks |
|---|---|
| s3:ListAllMyBuckets | This permission is necessary to execute Verify Connection. |
Get Bucket List
| Action name | Remarks |
|---|---|
| s3:ListBucket | The desired bucket must be included in the available resources. |
| s3:ListAllMyBuckets | |
Get File/Folder List
| Action name | Remarks |
|---|---|
| s3:GetObjectAcl | |
| s3:ListBucket | The desired bucket must be included in the available resources. |
| s3:ListAllMyBuckets | |
Read File/Folder
| Action name | Remarks |
|---|---|
| s3:GetObject | |
| s3:GetObjectAcl | This permission is necessary if Include permissions in result is selected. |
| s3:ListBucket | The desired bucket must be included in the available resources. |
| s3:ListAllMyBuckets | |
Write File/Folder
| Action name | Remarks |
|---|---|
| s3:PutObject | |
| s3:GetObjectAcl | This permission is necessary if Include permissions in result is selected. |
| s3:PutObjectAcl | This permission is necessary if Public is selected for Permissions. |
| s3:CreateBucket | This permission is necessary if Create a bucket when it doesn't exist is selected. |
| s3:ListBucket | The desired bucket must be included in the available resources. |
| s3:ListAllMyBuckets | |
Copy File/Folder
| Action name | Remarks |
|---|---|
| s3:GetObject | |
| s3:GetObjectAcl | |
| s3:GetObjectTagging | |
| s3:PutObject | |
| s3:PutObjectAcl | |
| s3:PutObjectTagging | |
| s3:CreateBucket | This permission is necessary if Create a copy destination bucket when it doesn't exist is selected. |
| s3:ListBucket | The desired bucket must be included in the available resources. |
| s3:ListAllMyBuckets | |
Delete File/Folder
| Action name | Remarks |
|---|---|
| s3:GetObject | |
| s3:DeleteObject | |
| s3:DeleteBucket | This permission is necessary if Delete bucket is selected. |
| s3:ListBucket | The desired bucket must be included in the available resources. |
| s3:ListAllMyBuckets | |
Read File/Folder (Data)
| Action name | Remarks |
|---|---|
| s3:GetObject | |
| s3:GetObjectAcl | This permission is necessary if Include permissions in result is selected. |
| s3:ListAllMyBuckets | |
Write File/Folder (Data)
| Action name | Remarks |
|---|---|
| s3:PutObject | |
| s3:GetObjectAcl | This permission is necessary if Include permissions in result is selected. |
| s3:CreateBucket | This permission is necessary if Create a bucket when it doesn't exist is selected. |
| s3:ListBucket | The desired bucket must be included in the available resources. |
| s3:ListAllMyBuckets | |
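As an added example (not part of the original documentation or the product), the following Python builds a least-privilege IAM policy from the permission tables above for four of the operations, scoping each action to the narrowest resource it accepts. The bucket name `example-bucket`, the `build_policy` helper and the `OPERATIONS` mapping are assumptions of this example; the resource level of each action follows AWS's IAM definitions rather than this page.

```python
import json

# Actions per connector operation, copied from the tables above.
# Entry: (always-required actions, {option label: action needed only with it}).
OPERATIONS = {
    "Get Bucket List": (["s3:ListBucket", "s3:ListAllMyBuckets"], {}),
    "Read File/Folder": (
        ["s3:GetObject", "s3:ListBucket", "s3:ListAllMyBuckets"],
        {"Include permissions in result": "s3:GetObjectAcl"},
    ),
    "Write File/Folder": (
        ["s3:PutObject", "s3:ListBucket", "s3:ListAllMyBuckets"],
        {
            "Include permissions in result": "s3:GetObjectAcl",
            "Public": "s3:PutObjectAcl",
            "Create a bucket when it doesn't exist": "s3:CreateBucket",
        },
    ),
    "Delete File/Folder": (
        ["s3:GetObject", "s3:DeleteObject", "s3:ListBucket", "s3:ListAllMyBuckets"],
        {"Delete bucket": "s3:DeleteBucket"},
    ),
}

# Resource level of each action in IAM (AWS-defined, not taken from this page).
BUCKET_LEVEL = {"s3:ListBucket", "s3:CreateBucket", "s3:DeleteBucket"}
ACCOUNT_LEVEL = {"s3:ListAllMyBuckets"}  # only accepts Resource "*"

def build_policy(bucket, operations, options=()):
    """Return an IAM policy dict granting only what the chosen operations need."""
    actions = set()
    for op in operations:
        required, optional = OPERATIONS[op]
        actions.update(required)
        # An option applies to every selected operation that defines it.
        actions.update(a for label, a in optional.items() if label in options)
    groups = {
        "*": actions & ACCOUNT_LEVEL,
        f"arn:aws:s3:::{bucket}": actions & BUCKET_LEVEL,  # "desired bucket" remark
        f"arn:aws:s3:::{bucket}/*": actions - ACCOUNT_LEVEL - BUCKET_LEVEL,
    }
    statements = [
        {"Effect": "Allow", "Action": sorted(acts), "Resource": res}
        for res, acts in groups.items() if acts
    ]
    return {"Version": "2012-10-17", "Statement": statements}

if __name__ == "__main__":
    print(json.dumps(build_policy("example-bucket", ["Read File/Folder"]), indent=2))
```

Optional actions such as s3:PutObjectAcl and s3:DeleteBucket are granted only when the matching option label is passed, so an account used solely for reads never receives write, ACL or bucket-deletion rights.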
Support for closed network connections using Amazon S3 connector
The Amazon S3 connector supports Amazon S3 connections that use the AWS internal communication network via a VPC Endpoint (gateway endpoint).
A gateway endpoint is a VPC Endpoint, not subject to fees, that is used to connect to the S3 bucket.
The gateway endpoint is configured internally in the system when you begin your HULFT Square contract. It can't be configured or viewed on the screen by users.
You also can't select the connection route, which is determined by the region of the connection destination S3 bucket, as shown below.
| Destination S3 bucket | Connection route |
|---|---|
| Asia-Pacific (Tokyo) region | Connection to S3 bucket via VPC Endpoint (gateway endpoint) |
| Areas other than the Asia-Pacific (Tokyo) region | Connection to S3 bucket via Internet Gateway |
Refer to the descriptions on each page from the links below.