Configure EC2 authentication for technical lineage via AWS connection
For Collibra Data Lineage to access files stored in Amazon S3 buckets using EC2 authentication via AWS connection, the bundled K3s Edge site must be hosted on an Amazon EC2 instance that is authorized to read the relevant S3 buckets via role-based authentication.
Prerequisites
Ensure that the following requirements are met before configuring IAM permissions:
- You have installed the Edge site using the bundled K3s installer.
- The Edge site runs on an Amazon EC2 instance.
- You have administrative access to the AWS IAM and EC2 consoles.
Steps
As the AWS administrator, you can implement this using existing roles or permission boundaries. The following example provides a validated procedure.
- Go to AWS Identity and Access Management.
- Create an IAM role. Do not attach permissions during role creation.
- Open the details of the newly created role, and click Add permissions.
- Create an inline policy named read_from_bucket using the following JSON. Replace <the bucket> with the name of the S3 bucket that contains your source files.

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Sid": "S3ListStart",
          "Effect": "Allow",
          "Action": [
            "s3:List*",
            "s3:Get*"
          ],
          "Resource": [
            "arn:aws:s3:::<the bucket>",
            "arn:aws:s3:::<the bucket>/*"
          ]
        }
      ]
    }

- In the Amazon EC2 console, attach the IAM role you created to the Amazon EC2 instance.
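Before attaching the role, the read_from_bucket policy can be checked offline to confirm it grants only read access to the one intended bucket. The following Python sketch is an added example, not Collibra's or AWS's code; the function names `render_policy` and `audit_policy` and the bucket name in the usage note are assumptions made for illustration.

```python
import json
import re

PLACEHOLDER = "<the bucket>"
# General-purpose S3 bucket names: 3-63 chars of lowercase letters, digits, dots, hyphens.
BUCKET_RE = re.compile(r"^[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]$")

# The read_from_bucket policy from the step above, placeholder left in.
TEMPLATE = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "S3ListStart",
        "Effect": "Allow",
        "Action": ["s3:List*", "s3:Get*"],
        "Resource": ["arn:aws:s3:::<the bucket>", "arn:aws:s3:::<the bucket>/*"],
    }],
}

def render_policy(bucket):
    """Return the policy with the placeholder replaced by a validated bucket name."""
    if not BUCKET_RE.match(bucket):
        raise ValueError(f"not a valid S3 bucket name: {bucket!r}")
    return json.loads(json.dumps(TEMPLATE).replace(PLACEHOLDER, bucket))

def as_list(value):
    return value if isinstance(value, list) else [value]

def audit_policy(policy, bucket):
    """Return findings for a policy meant to grant read-only access to one bucket."""
    findings = []
    bucket_arn, object_arn = f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"
    for stmt in as_list(policy["Statement"]):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements do not widen access
        resources = as_list(stmt["Resource"])
        for action in as_list(stmt["Action"]):
            if not action.lower().startswith(("s3:get", "s3:list")):
                findings.append(f"non-read action: {action}")
        for resource in resources:
            if PLACEHOLDER in resource:
                findings.append(f"placeholder not replaced: {resource}")
            elif resource not in (bucket_arn, object_arn):
                findings.append(f"resource outside {bucket}: {resource}")
        if bucket_arn not in resources:  # needed by bucket-level actions (s3:ListBucket)
            findings.append("bucket ARN missing: bucket-level actions not granted")
        if object_arn not in resources:  # needed by object-level actions (s3:GetObject)
            findings.append("object ARN missing: object-level actions not granted")
    return findings
```

Calling `audit_policy(render_policy("lineage-source-files"), "lineage-source-files")` returns an empty list; a policy pasted with the placeholder still in it, or widened to `s3:*` on `*`, returns one finding per problem.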