
© DNAstack. All rights reserved.


AWS S3 Permissions


Last updated 3 months ago


When connecting to AWS S3, proper permissions configuration ensures secure and controlled access to your data. These permissions define how Publisher interacts with your S3 buckets, determining which operations can be performed and what security measures are in place.

The following guide outlines the key concepts and minimal configuration needed to establish a secure connection between Publisher and your AWS S3 resources.

Concepts

  1. IAM User: This is an identity created for an individual user who needs access to AWS services. Each IAM user has a unique name and can have one or more access keys.

  2. IAM Role: This is an identity that can be assumed by anyone who needs temporary access to AWS resources. Roles are used to delegate access to users, applications, or services that don't usually have access to your AWS resources.

  3. S3 Bucket: This is a container for storing objects in Amazon S3. Each bucket has a unique name and can store an unlimited number of objects.

  4. Permission: These are granular actions a user or role can perform on a given resource. Examples include s3:ListBucket, s3:GetObject, etc.

  5. Policy: A collection of permissions that define what actions are allowed or denied for a user, group, or role. Policies are written in JSON and can be attached to IAM users, groups, or roles.

Minimal Configuration

To perform these operations, you must log in to your AWS account as an administrator.

This setup represents the minimal permissions needed to connect Publisher to an AWS S3 Storage bucket.

Creating Credentials

Create a new IAM User

aws iam create-user --user-name publisher-connectors

Attach a Policy to the IAM User

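# Placeholder: replace with the name of the bucket Publisher should read from.
BUCKET="your-bucket-name"

# The unquoted heredoc lets the shell substitute ${BUCKET} before the policy is sent to IAM.
# "Version" is the IAM policy language version, which must be "2012-10-17".
aws iam put-user-policy --user-name publisher-connectors --policy-name S3AccessPolicy --policy-document "$(cat <<EOF
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:ListBucket",
                "s3:GetObject"
            ],
            "Resource": [
                "arn:aws:s3:::${BUCKET}",
                "arn:aws:s3:::${BUCKET}/*"
            ]
        }
    ]
}
EOF
)"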

Create Access Keys for the IAM User

aws iam create-access-key --user-name publisher-connectors