Amazon S3

To read from and write to your Amazon S3 buckets in Upsolver, you must first create a connection that provides the appropriate credentials to access your buckets.

Syntax

CREATE S3 CONNECTION <connection_identifier> 
   [ { AWS_ROLE = '<role_arn>' 
       EXTERNAL_ID = '<external_id>'
     | AWS_ACCESS_KEY_ID = '<key_id>' 
       AWS_SECRET_ACCESS_KEY = '<key>' } ]
   [ PATH_DISPLAY_FILTER[S] = { '<path>' | ('<path>' [, ...]) } ]
    [ READ_ONLY = { TRUE | FALSE } ]
   [ { ENCRYPTION_KMS_KEY = '<key>' ] | ENCRYPTION_CUSTOMER_MANAGED_KEY = '<key>' } ]
   [ COMMENT = '<comment>' ];

Jump to

• AWS_ROLE

• EXTERNAL_ID

• AWS_ACCESS_KEY_ID

• AWS_SECRET_ACCESS_KEY

• PATH_DISPLAY_FILTER[S]

• READ_ONLY

• ENCRYPTION_KMS_KEY

• ENCRYPTION_CUSTOMER_MANAGED_KEY

• COMMENT

Connection options

AWS_ROLE — editable

Type: text

(Optional) The AWS IAM role ARN. Used in conjunction with EXTERNAL_ID.

If omitted, the role created when integrating Upsolver with the AWS account is used.

To learn how to provide a role with the proper credentials, see: Configure access to S3

EXTERNAL_ID — editable

Type: text

(Optional) The external ID of the role to assume. Used in conjunction with AWS_ROLE.

If omitted, the role created when integrating Upsolver with the AWS account is used.

AWS_ACCESS_KEY_ID — editable

Type: text

(Optional) The AWS access key ID. Used in conjunction with AWS_SECRET_ACCESS_KEY.

If omitted, the role created when integrating Upsolver with the AWS account is used.

AWS_SECRET_ACCESS_KEY — editable

Type: text

(Optional) The AWS secret key corresponding to the provided AWS_ACCESS_KEY_ID.

If omitted, the role created when integrating Upsolver with the AWS account is used.

PATH_DISPLAY_FILTER[S] — editable

Type: text | list

(Optional) A single path or the list of paths to show. If not provided, all buckets are shown.

Paths should be provided in the following format: s3://bucket/prefix. This shows anything beginning with the given prefix.

To filter by a specific folder, use the following format: s3://bucket/folder-path/

READ_ONLY — editable

Type: Boolean

Default: false

(Optional) Whether or not the connection is read-only.

When true, Upsolver is not able to write data to or delete data from, the bucket.

ENCRYPTION_KMS_KEY — editable

Type: text

(Optional) The ARN of the KMS key to use.

If omitted, uses the default encryption defined on the bucket in AWS.

ENCRYPTION_CUSTOMER_MANAGED_KEY — editable

Type: text

(Optional) The Base64 text representation of the encryption key to use.

If omitted, uses the default encryption defined on the bucket in AWS.

COMMENT — editable

Type: text

(Optional) A description or comment regarding this connection.

Examples

Minimum example

CREATE S3 CONNECTION my_s3_connection;

Full example

CREATE S3 CONNECTION s3_example
    AWS_ROLE = 'arn:aws:iam::123456789012:role/upsolver-sqlake-role'
    PATH_DISPLAY_FILTERS = ('s3://bucket1/', 's3://bucket2/folder-path/')
    READ_ONLY = TRUE
    ENCRYPTION_KMS_KEY = 
        'arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab'
    COMMENT = 'My new S3 connection';