S3

Ingest your files into Unstructured from Amazon S3.

The requirements are as follows.

The following video shows how to fulfill the minimum set of Amazon S3 requirements:

The preceding video does not show how to create an AWS account; enable anonymous access to the bucket (which is supported but not recommended); or generate an AWS STS session token for temporary access, if required by your organization’s security requirements. For more information about requirements, see the following:

• An AWS account. Create an AWS account.

• An S3 bucket. Create an S3 bucket. Additional approaches are in the following video and in the how-to sections at the end of this page.

• Anonymous (supported but not recommended) or authenticated access to the bucket.

  • Enable anonymous bucket access.

  • Enable authenticated bucket access.

• For authenticated bucket read access, the authenticated AWS IAM user must have at minimum the permissions of s3:ListBucket and s3:GetObject for that bucket. Learn how.

• For bucket write access, authenticated access to the bucket must be enabled (anonymous access must not be enabled), and the authenticated AWS IAM user must have at minimum the permission of s3:PutObject for that bucket. Learn how.

• For authenticated access, an AWS access key and secret access key for the authenticated AWS IAM user in the account. Create an AWS access key and secret access key.

• For authenticated access in untrusted environments or enhanced security scenarios, an AWS STS session token for temporary access, in addition to an AWS access key and secret access key. Create a session token.

• If the target files are in the root of the bucket, the path to the bucket, formatted as protocol://bucket/ (for example, s3://my-bucket/). If the target files are in a folder, the path to the target folder in the S3 bucket, formatted as protocol://bucket/path/to/folder/ (for example, s3://my-bucket/my-folder/).

• If the target files are in a folder, and authenticated bucket access is enabled, make sure the authenticated AWS IAM user has authenticated access to the folder as well. Enable authenticated folder access.

To create or change an S3 source connector, see the following examples.

Replace the preceding placeholders as follows:

• <name> (required) - A unique name for this connector.

• For AWS access key ID with AWS secret access key authentication:

  • <key> - The AWS access key ID for the authenticated AWS IAM user (required).
  • <secret> - The AWS secret access key corresponding to the preceding AWS access key ID (required).

• For AWS STS token authentication:

  • <token> - The AWS STS session token for temporary access (required).

• <endpoint-url> - A custom URL, if connecting to a non-AWS S3 bucket.

• <remote-url> (required) - The S3 URI to the bucket or folder, formatted as s3://my-bucket/ (if the files are in the bucket’s root) or s3://my-bucket/my-folder/.

• For recursive (source connector only), set to true to access subfolders within the bucket. The default is false if not otherwise specified.

To change a connector, replace <connector-id> with the source connector’s unique ID. To get this ID, see List source connectors.