How to grant access for Graft to your S3 data
Overview
If your data resides in Amazon S3, either as a single file or as one or more directories, Graft can connect to it and process it. To do this, your company must grant Graft access to those files or directories by creating an access policy.
Anyone with administrative credentials to your S3 environment can set this up.
The most up-to-date configuration details can be found by clicking the info icon when configuring the Graft S3 File or Directory connector.
We provide options for using the AWS console or the command line.
AWS Command Line Interface (CLI)
You will be presented with the following window...
The example shown is for our "Graft" org.
Follow the instructions to create a policy file (named policy.json):
- Click on the clipboard icon to copy the required policy
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::233239520659:role/graft-org-<your_org_name_here>"
      },
      "Action": [
        "s3:Get*",
        "s3:List*"
      ],
      "Resource": [
        "arn:aws:s3:::<BUCKET_NAME>",
        "arn:aws:s3:::<BUCKET_NAME>/*"
      ]
    }
  ]
}
- Update role/graft-org-<your_org_name_here> to reflect your org name
- e.g., for the acme organization this would be role/graft-org-acme
- Update BUCKET_NAME to match your bucket
- Save the file
- Copy the command below and run it
aws s3api put-bucket-policy --bucket <BUCKET_NAME> --policy file://policy.json
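A pre-flight check for policy.json, as an added example that is not part of Graft's instructions: it lints the statement for leftover placeholders and scope drift, and merges it into a bucket's existing policy instead of overwriting it. The function names, the sample bucket "acme-data" and the existing Deny statement are assumptions constructed for illustration; the account ID and role prefix are the ones shown in the policy above.

```python
import json
import re

GRAFT_ROLE = re.compile(r"arn:aws:iam::233239520659:role/graft-org-[A-Za-z0-9_-]+")  # from the page
READ_ONLY = {"s3:Get*", "s3:List*"}  # the two actions the page's policy grants

def as_list(value):
    """Policy JSON allows a string or a list here; normalise to a list."""
    return [value] if isinstance(value, str) else list(value)

def lint_statement(stmt, bucket):
    """Return the problems found in a Graft statement meant for `bucket`."""
    problems = []
    if re.search(r"<[^>]+>", json.dumps(stmt)):
        problems.append("unreplaced <placeholder> in statement")
    principal = stmt.get("Principal")
    arns = as_list(principal.get("AWS", [])) if isinstance(principal, dict) else []
    if not arns or not all(GRAFT_ROLE.fullmatch(a) for a in arns):
        problems.append("Principal is not a graft-org-* role in the Graft account")
    if stmt.get("Effect") != "Allow" or not set(as_list(stmt.get("Action", []))) <= READ_ONLY:
        problems.append("Effect/Action differ from Allow on s3:Get* and s3:List*")
    wanted = {f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"}
    if set(as_list(stmt.get("Resource", []))) != wanted:
        problems.append("Resource is not exactly this bucket and its objects")
    return problems

def merge_policy(existing, stmt):
    """Add stmt to the bucket's current policy (None when it has none)."""
    policy = existing or {"Version": "2012-10-17", "Statement": []}
    current = policy.get("Statement", [])
    current = [current] if isinstance(current, dict) else list(current)
    if stmt not in current:  # keep the merge idempotent
        current.append(stmt)
    return {**policy, "Statement": current}

# Constructed sample input: hypothetical org "acme" and bucket "acme-data".
GRAFT_STATEMENT = {
    "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::233239520659:role/graft-org-acme"},
    "Action": ["s3:Get*", "s3:List*"],
    "Resource": ["arn:aws:s3:::acme-data", "arn:aws:s3:::acme-data/*"],
}
EXISTING = {"Version": "2012-10-17", "Statement": [{
    "Sid": "DenyInsecureTransport", "Effect": "Deny", "Principal": "*",
    "Action": "s3:*", "Resource": ["arn:aws:s3:::acme-data", "arn:aws:s3:::acme-data/*"],
    "Condition": {"Bool": {"aws:SecureTransport": "false"}}}]}

if __name__ == "__main__":
    print(lint_statement(GRAFT_STATEMENT, "acme-data") or "statement OK")
    print(json.dumps(merge_policy(EXISTING, GRAFT_STATEMENT), indent=2))
```

put-bucket-policy replaces the bucket's entire policy, so on a bucket that already has one, fetch it first with aws s3api get-bucket-policy --bucket <BUCKET_NAME> --query Policy --output text, pass the parsed JSON to merge_policy, and save the result as policy.json.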
AWS Console
You will be presented with the following window... (example org = graft)
Go to the permissions tab for <BUCKET_NAME>, click edit on the bucket policy card, and enter the following:
- Update role/graft-org-<your_org_name_here> to reflect your org name
- e.g., for the acme organization this would be role/graft-org-acme
- Update BUCKET_NAME to match your bucket
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::233239520659:role/graft-org-<your_org_name_here>"
      },
      "Action": [
        "s3:Get*",
        "s3:List*"
      ],
      "Resource": [
        "arn:aws:s3:::<BUCKET_NAME>",
        "arn:aws:s3:::<BUCKET_NAME>/*"
      ]
    }
  ]
}