Nexla supports ingesting Amazon S3 data sources. In order to allow Nexla access to a customer S3 bucket, a customer can simply enter their access key and secret key in the Nexla UI when setting up the data source. These AWS credentials are encrypted and stored safely in the Nexla database. If the customer would prefer for Nexla not to store their access and secret keys, they can provide S3 access to Nexla via an AWS ARN. This document describes steps to assign permissions to Nexla’s AWS account with an ARN.
1. Login to AWS Console using admin credentials
Navigate to Amazon S3.
If your buckets are in a different region, please insert specific AWS region in the url above.
2. Create a bucket policy
Select the bucket and navigate to the Permissions tab.
Click on bucket policy.
Paste the following policy in the text box. This will give Nexla access to list the contents of the bucket and download files from the bucket. Please replace “exampleBucket” with the name of an actual bucket.
"Sid": "Example permissions",
If the use case needs Nexla to write data into S3 bucket, we would also need s3:putObject permissions.
The following screenshot shows the details.
Click on Save.
3. Notify Nexla
Please notify Nexla (email@example.com) about bucket policy change. Nexla will run quick tests to ensure correct permissions are assigned.