S3 Connection Configuration
  • 07 Dec 2022
  • PDF

S3 Connection Configuration

  • PDF

Article summary


This is a machine-translated version of the original Japanese article.
Please understand that some of the information contained on this page may be inaccurate.


This is a help page for the procedure for using S3 with trocco.

Input field

Basic Information

Item nameRequired
nameYesEnter the name of the connection information to be used inside TROCCO.
memorandumNoEnter a memo of the connection information used inside TROCCO.

Connection Information

You can choose one of the following AWS authentication methods:

  • IAM role: Gets temporary credentials during data transfer.
  • IAM user: Issue permanent credentials and use them during data transfer.
AWS Authentication with IAM Roles

Unlike authentication by IAM users, you do not need to enter your credentials (AWS access key / AWS secret access key) on trocco. This allows you to build a more secure data transfer environment.

In order to obtain temporary authentication information at the time of data transfer, in the IAM role of AWS managed by the customer,
You must register your Trocco AWS account as a trusted entity type.
For more information about IAM roles, see the instructions for issuing IAM roles.

AWS Authentication Method: For IAM Roles

Item nameRequired
AWS Account IDYesEnter the AWS account ID where your IAM role resides.
IAM Role NameYesEnter the IAM role name that you created in your AWS account.
Example: trocco-role
AWS account ID for trocco (read-only)-When issuing IAM roles, allow the following AWS account IDs.
External ID (read-only)-Allow this external ID when issuing the IAM role.

AWS Authentication Method: For IAM Users

Item nameRequired
AWS Access Key IDYesEnter the IAM user access key ID that you created in AWS.
AWS secret access keyYesEnter the secret access key for the IAM user that you created in AWS.
Steps for publishing IAM users

Steps for publishing IAM roles

  1. From the IAM Management Console screen in AWS, click Create Role > Role.

  2. In Step 1 Select Trusted Entities, configure the following settings:

    • 信頼されたエンティティタイプ: Choose AWS Account.
    • 別のAWSアカウント: Enter the "trocco AWS account ID" in trocco's S3 connection information form.
    • 外部IDを要求する > 外部ID: Enter the External ID of trocco's S3 connection information form.
  3. Step 2In "Add permission", make any settings.

  4. Step 3In "Name, Verify, and Create", make any settings.

    • Make a note of the role name you enter here.
  5. In trocco's S3 connection information form, in IAM Role Name, enter a role name.

Steps for publishing IAM users

Group creation

  1. Log in to the IAM Console.

  2. Select a group from the main page and click Create New Group.

  3. Enter a group name and click Next Step.

  4. Select the required policy and click Next Step. Choose Amazon S3 Full Access.

  5. Click Create Group.

User Creation

  1. Select a user from the main page and click Create New User.

  2. Enter your user name and select Programmatic Access as the access type.

  3. Create a user by adding the user to the group you just created.

  4. After creation, the AWS Access Key ID and AWS Secret Access Key are displayed.

Permissions that need to be granted

The permissions that need to be granted to the user used for S3 connection information are as follows.

  • s3:GetBucketLocation
  • s3:ListBucket
  • s3:GetObject
  • s3: PutObject (if it is also used as a forwarding destination)

If you use it only as a transfer source, you can connect without problems if the above three are granted.


Reference: AWS official website

Was this article helpful?