Cloud Read/Write Permissions for AWS

    This page outlines the required read and write permissions when copying data to or from external cloud providers.

    Exclusive permissions are required when reading from cloud storage using External Collections or writing to cloud storage using COPY TO statements.

    Prerequisites

    Before granting permissions, ensure you have the following:

    • An AWS account with the necessary administrative privileges.

    • Access to the AWS Management Console.

    • The name of the S3 bucket you want to access.

    Read Permissions

    You need Read permissions when reading from cloud storage using External Collections.

    To create a policy and grant read permissions to your AWS S3 cloud storage:

    1. Go to the AWS Console.

    2. From the Dashboard, select IAM.

    3. Select Policies.

    4. Select Create Policy.

    5. In the Policy Editor, select JSON.

    6. Paste the following policy:

      • s3:ListBucket permission

      • s3:GetObject permission

        {
            "Version": "2012-10-17",
            "Statement": [
                {
                    "Effect": "Allow",
                    "Action": [
                        "s3:GetObject"
                    ],
                    "Resource": "arn:aws:s3:::your-bucket-name/*"
                },
                {
                    "Effect": "Allow",
                    "Action": "s3:ListBucket",
                    "Resource": "arn:aws:s3:::your-bucket-name"
                }
            ]
        }

    7. Give the policy a name and create the policy.

    8. Attach the policy to the desired IAM User or Role.

      The policy grants the selected permissions on the selected resources to that user or role.

    Read and Write Permissions

    Read and write permissions are needed when writing to cloud storage using COPY TO statements.

    To create a policy and grant read and write permissions to your AWS S3 cloud storage:

    1. Go to the AWS Console.

    2. From the Dashboard, select IAM.

    3. Select Policies.

    4. Select Create Policy.

    5. In the Policy Editor, select JSON.

    6. Paste the following policy:

      • s3:ListBucket permission

      • s3:GetObject permission

      • s3:PutObject permission

      • s3:DeleteObject permission

        {
            "Version": "2012-10-17",
            "Statement": [
                {
                    "Effect": "Allow",
                    "Action": [
                        "s3:GetObject",
                        "s3:PutObject",
                        "s3:DeleteObject"
                    ],
                    "Resource": "arn:aws:s3:::your-bucket-name/*"
                },
                {
                    "Effect": "Allow",
                    "Action": "s3:ListBucket",
                    "Resource": "arn:aws:s3:::your-bucket-name"
                }
            ]
        }
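
Both policies above scope object actions to `your-bucket-name/*` and `s3:ListBucket` to the bucket ARN itself. The following check is an added example, not part of the original page: it audits a policy document against those two action sets before you attach it. The names `audit_policy` and `FLAWED_POLICY` are hypothetical, and the flawed policy is a constructed sample.

```python
# Added example (not from the page): audit an IAM policy against the page's action sets.
OBJECT_ACTIONS = {"read": {"s3:GetObject"},
                  "read_write": {"s3:GetObject", "s3:PutObject", "s3:DeleteObject"}}
BUCKET_ACTIONS = {"s3:ListBucket"}  # applies to the bucket ARN, not to objects

def _as_list(value):
    """IAM accepts a single value or a list for Statement, Action and Resource."""
    return [value] if isinstance(value, (str, dict)) else list(value)

def audit_policy(policy, bucket, mode):
    """Return findings; an empty list means the policy grants exactly what is needed."""
    bucket_arn = f"arn:aws:s3:::{bucket}"
    object_arn = bucket_arn + "/*"
    needed = OBJECT_ACTIONS[mode] | BUCKET_ACTIONS
    findings, granted = [], set()
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements never widen access
        for action in _as_list(stmt.get("Action", [])):
            for resource in _as_list(stmt.get("Resource", [])):
                if "*" in action or resource in ("*", "arn:aws:s3:::*"):
                    findings.append(f"wildcard grant: {action} on {resource}")
                elif action not in needed:
                    findings.append(f"not required for {mode}: {action}")
                elif resource == (bucket_arn if action in BUCKET_ACTIONS else object_arn):
                    granted.add(action)
                else:
                    findings.append(f"wrong resource for {action}: {resource}")
    findings += [f"missing: {a}" for a in sorted(needed - granted)]
    return findings

# Read policy as given on this page.
PAGE_READ_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["s3:GetObject"],
         "Resource": "arn:aws:s3:::your-bucket-name/*"},
        {"Effect": "Allow", "Action": "s3:ListBucket",
         "Resource": "arn:aws:s3:::your-bucket-name"},
    ],
}
# Constructed sample: ListBucket scoped to objects, plus an unneeded wildcard action.
FLAWED_POLICY = {
    "Version": "2012-10-17",
    "Statement": {"Effect": "Allow", "Action": ["s3:ListBucket", "s3:*"],
                  "Resource": "arn:aws:s3:::your-bucket-name/*"},
}

if __name__ == "__main__":
    print(audit_policy(FLAWED_POLICY, "your-bucket-name", "read"))
```

An empty result for `mode="read"` means the policy fits External Collections; use `mode="read_write"` for COPY TO.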