S3 Connection Configuration
- Updated on 07 Dec 2022
This is a machine-translated version of the original Japanese article.
Please understand that some of the information contained on this page may be inaccurate.
Summary
This help page explains the procedure for using S3 with trocco.
Input fields
Basic Information
Item name | Required | Content |
---|---|---|
name | Yes | Enter the name of the connection information to be used inside TROCCO. |
memorandum | No | Enter a memo of the connection information used inside TROCCO. |
Connection Information
You can choose one of the following AWS authentication methods:
- IAM role: Obtains temporary credentials at the time of data transfer.
- IAM user: Issues permanent credentials and uses them during data transfer.
With the IAM role method, unlike authentication by IAM user, you do not need to enter credentials (AWS access key / AWS secret access key) into trocco. This allows you to build a more secure data transfer environment.
To obtain temporary credentials at the time of data transfer, you must register the trocco AWS account as a trusted entity in the IAM role in the AWS account that you manage.
For more information about IAM roles, see the instructions for issuing IAM roles.
AWS Authentication Method: For IAM Roles
Item name | Required | Content |
---|---|---|
AWS Account ID | Yes | Enter the AWS account ID where your IAM role resides. |
IAM Role Name | Yes | Enter the IAM role name that you created in your AWS account. Example: trocco-role |
AWS account ID for trocco (read-only) | - | When issuing the IAM role, allow the following AWS account ID: 545668264778 |
External ID (read-only) | - | Allow this external ID when issuing the IAM role. |
AWS Authentication Method: For IAM Users
Item name | Required | Content |
---|---|---|
AWS Access Key ID | Yes | Enter the IAM user access key ID that you created in AWS. |
AWS secret access key | Yes | Enter the secret access key for the IAM user that you created in AWS. |
Refer to the procedure for issuing IAM users.
Steps for issuing IAM roles
From the IAM Management Console screen in AWS, click Roles > Create role.
In Step 1, "Select trusted entity", configure the following settings:
- Trusted entity type: Choose AWS account.
- Another AWS account: Enter the "AWS account ID for trocco" shown in trocco's S3 connection information form.
- Require external ID > External ID: Enter the External ID shown in trocco's S3 connection information form.
In Step 2, "Add permissions", configure the settings as needed.
In Step 3, "Name, review, and create", configure the settings as needed.
- Make a note of the role name you enter here.
In trocco's S3 connection information form, enter the role name in IAM Role Name.
Steps for issuing IAM users
Group creation
Log in to the IAM Console.
Select Groups from the main page and click Create New Group.
Enter a group name and click Next Step.
Select the required policy (choose Amazon S3 Full Access) and click Next Step.
Click Create Group.
User Creation
Select Users from the main page and click Create New User.
Enter a user name and select Programmatic Access as the access type.
Add the user to the group you just created, and create the user.
After creation, the AWS Access Key ID and AWS Secret Access Key are displayed.
Permissions that need to be granted
The permissions that need to be granted to the user used for S3 connection information are as follows.
- s3:GetBucketLocation
- s3:ListBucket
- s3:GetObject
- s3:PutObject (if it is also used as a transfer destination)
If you use it only as a transfer source, the first three permissions above are sufficient to connect.
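The following is an added example, not part of the original trocco documentation. It builds the trust policy from Step 1 of the IAM role procedure and a policy holding only the permissions listed above, and checks an existing trust policy for the trocco account ID and the External ID condition. The bucket name, the External ID value, and the scoping to a single bucket are assumptions.

```python
import json
TROCCO_ACCOUNT_ID = "545668264778"  # trocco AWS account ID shown on this page

def build_trust_policy(external_id, account_id=TROCCO_ACCOUNT_ID):
    """Trust policy: only the trocco account may assume the role, and only with the External ID."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": f"arn:aws:iam::{account_id}:root"},
            "Action": "sts:AssumeRole",
            "Condition": {"StringEquals": {"sts:ExternalId": external_id}},
        }],
    }

def build_s3_policy(bucket, as_destination=False):
    """The permissions listed above, scoped to one bucket (the scoping is an assumption)."""
    object_actions = ["s3:GetObject"] + (["s3:PutObject"] if as_destination else [])
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow",
             "Action": ["s3:GetBucketLocation", "s3:ListBucket"],
             "Resource": f"arn:aws:s3:::{bucket}"},        # bucket-level actions
            {"Effect": "Allow",
             "Action": object_actions,
             "Resource": f"arn:aws:s3:::{bucket}/*"},      # object-level actions
        ],
    }

def audit_trust_policy(policy, external_id, account_id=TROCCO_ACCOUNT_ID):
    """Return findings for a trust policy; an empty list means it matches the setup above."""
    findings = []
    wanted = (f"arn:aws:iam::{account_id}:root", account_id)
    for i, stmt in enumerate(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        aws = principal.get("AWS", []) if isinstance(principal, dict) else principal
        principals = [aws] if isinstance(aws, str) else list(aws)
        if not principals or any(p not in wanted for p in principals):
            findings.append(f"statement {i}: principal is not limited to account {account_id}")
        cond = stmt.get("Condition", {}).get("StringEquals", {})
        if cond.get("sts:ExternalId") != external_id:
            findings.append(f"statement {i}: sts:ExternalId condition is missing or different")
    return findings

if __name__ == "__main__":
    print(json.dumps(build_trust_policy("EXAMPLE-EXTERNAL-ID"), indent=2))  # constructed ID
```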
Supplement
Reference: AWS official website