Create a connection to Amazon S3

This section explains how to create a connection to Amazon S3.

Description

In this scenario, create a connection to Amazon S3. You need to provide IAM role authentication information or an AWS access key (access key ID plus secret access key) during creation.

Bucket policy for closed network connections

If the destination bucket is in the Asia-Pacific (Tokyo) region, specifying "aws:VpceAccount" as the condition key restricts access to requests that arrive through a VPC endpoint owned by the specified account.

Example:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowHULFTSquareAccounts",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::<customer-aws-account-id>:role/<Dev>"
      },
      "Action": [
        "s3:GetObject"
      ],
      "Resource": [
        "arn:aws:s3:::<S3-bucket-name>/*"
      ],
      "Condition": {
        "StringEquals": {
          "aws:VpceAccount": "<aws account id>"
        }
      }
    }
  ]
}

<customer-aws-account-id>: Your AWS account ID

<aws account id>: ID displayed in ORGANIZATION > System Information > AWS Account in HULFT Square

The above is only an example of the settings to allow the connection source account when a closed network connection is established. Configure settings according to the security requirements of your company.

Procedures

Create a connection to Amazon S3 (when using IAM role authentication)

  1. Select > HULFT INTEGRATE > Connections.

  2. On the Connections page, select Add New.

  3. In step Type on the Connections > Add New page, enter "Amazon S3" in the search box.

    = Remarks =

    You can select a connector from the connector list to narrow down resource types.

  4. From the Type list, select Amazon S3 connection and then select Next.

  5. In step General, set the fields related to connection resources as shown below, and then select Next.

    Field name     Setting (example)
    Name           Amazon S3 connection
    Workspace      Personal
    Description    (Optional)

  6. In step Settings, select IAM role for Authentication Type, set the IAM role ARN and external ID of the connection destination AWS, and then select Next.

    = Remarks =

    In the IAM role trust policy on the connection destination AWS, you must allow the HULFT Square AWS account entity, and set the external ID as the condition.

    Example:

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Principal": {
            "AWS": [
              "arn:aws:iam::<aws account id>:root"
            ]
          },
          "Action": "sts:AssumeRole",
          "Condition": {
            "StringEquals": {
              "sts:ExternalId": "<custom ID>"
            }
          }
        }
      ]
    }

    <aws account id>: ID displayed in ORGANIZATION > System Information > AWS Account in HULFT Square

    <custom ID>: External ID that you set for External ID in the HULFT Square connection

    The above is only an example of the settings to allow the connection source account when a closed network connection is established. Configure settings according to the security requirements of your company.

    Setting an endpoint is optional. If you choose to set one, describe the Amazon S3 endpoint name (example: s3.ap-northeast-1.amazonaws.com). Specification in URL format (https://) is not supported.

  7. In step Profiles, select a profile.

    = Remarks =

    If you select a profile, the connection is registered to the profile. The profile can be used to switch the resource settings.

  8. In step Summary, confirm that the settings are correct, and then select Finish.
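As an added example that is not part of the HULFT Square documentation or product, the following offline check reads the two policy types this page describes, the bucket policy from the Description section and the IAM role trust policy from step 6, and flags Allow statements that lack the aws:VpceAccount or sts:ExternalId condition or that use a wildcard principal. The account IDs, role name, bucket name and external ID in the sample documents are constructed placeholders.

```python
# Constructed sample policies (placeholder account IDs, not the page's values).
TRUST_OK = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": ["arn:aws:iam::111111111111:root"]},
    "Action": "sts:AssumeRole",
    "Condition": {"StringEquals": {"sts:ExternalId": "example-external-id"}}}]}
TRUST_NO_EXTID = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::111111111111:root"},
    "Action": "sts:AssumeRole"}]}
BUCKET_OK = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::222222222222:role/Dev"},
    "Action": ["s3:GetObject"],
    "Resource": ["arn:aws:s3:::example-bucket/*"],
    "Condition": {"StringEquals": {"aws:VpceAccount": "111111111111"}}}]}
BUCKET_OPEN = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
    "Resource": "arn:aws:s3:::example-bucket/*"}]}

def _as_list(v):
    # IAM accepts a string or a list in most fields; normalise to a list.
    return v if isinstance(v, list) else [v]

def _principals(st):
    p = st.get("Principal", {})
    return _as_list(p.get("AWS", [])) if isinstance(p, dict) else _as_list(p)

def policy_issues(doc, action, condition_key):
    """Findings for each Allow statement granting `action` (any action if None)."""
    issues = []
    for i, st in enumerate(_as_list(doc.get("Statement", []))):
        actions = _as_list(st.get("Action", []))
        if st.get("Effect") != "Allow" or (action and action not in actions):
            continue
        if "*" in _principals(st):
            issues.append(f"statement {i}: wildcard principal")
        if not st.get("Condition", {}).get("StringEquals", {}).get(condition_key):
            issues.append(f"statement {i}: {condition_key} condition missing")
    return issues

def trust_policy_issues(doc):
    # Role trust policy: whoever may call sts:AssumeRole must present the external ID.
    return policy_issues(doc, "sts:AssumeRole", "sts:ExternalId")

def bucket_policy_issues(doc):
    # Bucket policy for closed-network access: each grant must name the VPC endpoint owner.
    return policy_issues(doc, None, "aws:VpceAccount")
```

Run the two functions against a policy document before attaching it to the role or bucket; an empty list means every Allow statement carries the expected condition.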

Create a connection to Amazon S3 (when using access key authentication)

  1. Select > HULFT INTEGRATE > Connections.

  2. On the Connections page, select Add New.

  3. In step Type on the Connections > Add New page, enter "Amazon S3" in the search box.

    = Remarks =

    You can select a connector from the connector list to narrow down resource types.

  4. From the Type list, select Amazon S3 connection and then select Next.

  5. In step General, set the fields related to connection resources as shown below, and then select Next.

    Field name     Setting (example)
    Name           Amazon S3 connection
    Workspace      Personal
    Description    (Optional)

  6. In step Settings, select Access Key for Authentication Type, set the access key ID and secret access key of your AWS account, and then select Next.

    = Remarks =

    Setting an endpoint is optional. If you choose to set one, describe the Amazon S3 endpoint name (example: s3.ap-northeast-1.amazonaws.com). Specification in URL format (https://) is not supported.

  7. In step Profiles, select a profile.

    = Remarks =

    If you select a profile, the connection is registered to the profile. The profile can be used to switch the resource settings.

  8. In step Summary, confirm that the settings are correct, and then select Finish.