Skip to main content

Amazon S3

Amazon S3 (Simple Storage Service) is a cloud-based storage service provided by Amazon Web Services (AWS), allowing you to store and retrieve data from virtually anywhere on the web. S3 is commonly used with Tonkean for general file storage as well as for automated file orchestration.

Prerequisites

Before connecting Amazon S3 with Tonkean, you must generate the access key and secret key for the relevant S3 bucket. Additionally, Tonkean requires the following permissions:

  • s3:PutObject - To allow file upload

  • s3:GetObject - To allow file download

  • s3:DeleteObject - To allow file deletion

  • s3:PutObjectAcl - To allow editing file permissions

  • s3:ListBucket - To allow file data collection

  • s3:ListAllMyBuckets (Only required for Global - List All Buckets permission type)

You may adjust permissions granted as needed based on your use case.

Authenticate with Amazon S3

To use S3 in Tonkean, you must first connect it as a data source:

  1. Select the main nav icon, grid.png, in the upper left and select Enterprise Components. The Enterprise Components screen displays.

  2. Select + New Data Source in the upper right.

    connect_data_sources_add_data_source.png

  3. Select Cloud Application. The Add New Data Source window displays.

    add_cloud_application.png

  4. Enter "Amazon S3" in the search field, then select Amazon S3. The New Amazon S3 Connection window displays.

    add_amazon_s3_data_source.png

  5. Select Create a new connection. The Set Up Data Source window displays.

    new_amazon_s3_connection.png

  6. Select the Permission Type. The required configuration fields and available options differ based on which permission type you select. See the relevant section below for your selected permission type.

Set Up the Amazon S3 Data Source with Global Permission Type

The Global permission type connects the entire S3 instance to Tonkean and lists available buckets for you to connect to:

  1. In the Permission Type field, select Global - List Buckets.

    amazon_s3_set_up_data_source_global.png

  2. Retrieve the required credentials in your AWS instance and populate the following fields:

    • Region

    • Access Key

    • Secret Key

    amazon_s3_set_up_data_source_global_fields_filled.png

  3. Optionally, you may select Enable S3 Event Notifications via SNS Webhooks, turning on the option to use webhooks with your connected S3 bucket.

    To use webhooks with the Amazon S3 integrations, your AWS credentials must have the required permissions to create and manage SNS topics. Ensure your IAM user role has the necessary SMS permissions before enabling the webhooks. See the required permissions below:

    • SNS:CreateTopic

    • SNS:SetTopicAttributes

    • SNS:Subscribe

    • SNS:DeleteTopic

    • s3:PutBucketNotification

    • s3:GetBucketNotification

    The SNS resource prefix is TonkeanS3Topic_

    amazon_s3_set_up_data_source_global_enable_webhooks.png

  4. When finished, select Connect. The bucket and path selection fields display.

  5. In the dropdown provided, select the buckets you want to collect files from, as well as the specific Path if you want to collect files from a bucket subfolder.

    You can only select a subfolder Path if you have one bucket selected.

    amazon_s3_set_up_data_source_global_select_buckets_and_path.png

  6. When finished, select Save. Your Amazon S3 bucket is connected and Tonkean can begin collecting your S3 data.

Set Up the Amazon S3 Data Source with Restricted Permission Type

The Restricted permission type connects a specific bucket to Tonkean.

  1. In the Permission Type field, select Restricted - Specific Buckets.

    amazon_s3_set_up_data_source_restricted.png

  2. Retrieve the required credentials in your AWS instance and populate the following fields:

    • Region

    • Access Key

    • Secret Key

    • Bucket Name

    amazon_s3_set_up_data_source_restricted_fields_filled.png

  3. Optionally, you may select Enable S3 Event Notifications via SNS Webhooks, turning on the option to use webhooks with your connected S3 bucket.

    To use webhooks with the Amazon S3 integrations, your AWS credentials must have the required permissions to create and manage SNS topics. Ensure your IAM user role has the necessary SMS permissions before enabling the webhooks. See the required permissions below:

    • SNS:CreateTopic

    • SNS:SetTopicAttributes

    • SNS:Subscribe

    • SNS:DeleteTopic

    • s3:PutBucketNotification

    • s3:GetBucketNotification

    The SNS resource prefix is TonkeanS3Topic_

    amazon_s3_set_up_data_source_restricted_enable_webhooks.png

  4. When finished, select Connect. The bucket and path selection fields display (however, only the Path field is editable).

  5. If desired, specify a Path if you want to collect files from a bucket subfolder.

    amazon_s3_set_up_data_source_restricted_select_path.png

  6. When finished, select Save. Your Amazon S3 bucket is connected and Tonkean can begin collecting your S3 data.

In this section: