Warning We have announced the end of life of Jobserver and all related Jobserver integrations for September 30, 2024, with the exception of Public Sector customers using GovCloud or on-prem environments.
For information on the integration of S3 via Edge, go to Integrating an Amazon S3 file system via Edge.
When you register an Amazon S3 file system, you can authenticate to Amazon S3 based on an IAM role. As a result, you can connect to Amazon S3 without an access key ID and secret access key.
Prerequisites
- You have access to the AWS IAM console.
- You have access to the Amazon EC2 console.
- You have an Amazon EC2 instance.
Steps
- In AWS Identity and Access Management, do the following:
- Create a new IAM role or select an existing IAM role.
- Attach the following policies to the IAM role:
- AWSGlueServiceRole (AWS managed policy)
- pass_role (inline policy)
You can use the following JSON content:{ "Version": "2012-10-17", "Statement": [ { "Sid": "VisualEditor0", "Effect": "Allow", "Action": "iam:PassRole", "Resource": "*" } ] }
- In the Amazon EC2 console, attach the IAM role to the Amazon EC2 instance.
- Install the Jobserver service on the Amazon EC2 instance node.
More information
If the credentials in the Amazon EC2 instance can't be used to authenticate, you can create a credentials file and save it in the user_home/.aws/ folder. The credentials file should look like this:
[default] aws_access_key_id = <access key ID> aws_secret_access_key = <secret access key>
For more information, see the AWS developer guide.
Warning Do not use a credentials file unless absolutely necessary.
What's next?
You can now connect to Amazon S3 via the jobserver service on the Amazon EC2 instance node.