S3 Endpoint

The S3 Endpoint has the following attributes:

Attribute Description

Access Key

Part of the AWS credentials. Used in conjunction with the Secret Access Key to access an S3 bucket.

Secret Access Key Part of the AWS credentials. Used in conjunction with the Access Key to access an S3 bucket.

Cross-Account Access

Cross-account access allows you to share resources in one AWS account with users in another account without having to create additional users in the first account.

In AWS, cross-account access requires an IAM role with permissions for anything you want the role to be able to perform and a trust relationship that specifies which entities are allowed to assume the IAM role.

In CIC, the user who wants access to the S3 endpoint uses their own credentials for the S3 account, and then fills out the cross-account fields. See the sub-table below.

See your AWS documentation for more detailed information about cross-account access.

In the Cross-Account Access field, choose from the following:

None Don't use cross-account access.

AssumeRole

Use cross-account access. Choosing this option displays the following fields.

Amazon Resource Name (ARN)	The Amazon Resource Name (ARN) of the role to assume.
Session Name	Use this property to identify a session when the same role is assumed by different principals or for different reasons. The role session name is visible to, and can be logged by, the account that owns the role.
External ID	A cross-account role is usually set up to trust everyone in an account. Therefore, the administrator of the trusting account might send an external ID to the administrator of the trusted account. That way, only someone with that ID can assume the role, rather than everyone in the account.
Source Identity	The source identity specified by the principal that is calling the `AssumeRole` operation. You can require users to specify a source identity when they assume a role. You do this by using the `sts:SourceIdentity` condition key in a role trust policy. You can use source identity information in AWS CloudTrail logs to determine who took actions with a role. You can use the `aws:SourceIdentity` condition key to further control access to AWS resources based on the value of source identity.

Region The region to use for this S3 connection. Defaults to DEFAULT_REGION.

Bucket

The S3 bucket to use for this Endpoint.

Protocol The protocol (i.e. HTTP or HTTPS).

Advanced - Security

Server Side Encryption

The options for server-side encryption.

Choose from the following:

None
SSE-S3 - use Amazon S3-Managed Keys. See https://docs.aws.amazon.com/AmazonS3/latest/userguide/serv-side-encryption.html for more information.
SSE-KMS - use Amazon Key Management Service. See https://docs.aws.amazon.com/AmazonS3/latest/userguide/serv-side-encryption.html for more information.

KMS Key Id

Used when encrypting with SSE-KMS. Leave blank to use default KMS key for the bucket.

Preemptive Basic Proxy Auth

Select the check box to attempt to authenticate preemptively against proxy servers using basic authentication.

Advanced - Connection

Use Gzip	Select to use gzip compression.
Max Connections	The maximum number of allowed open HTTP connections.
Client Execution Timeout (milliseconds)	The amount of time to allow the client to complete the execution of an API call.
Connection Max Idle Time (milliseconds)	The maximum amount of time that an idle connection may sit in the connection pool and still be eligible for reuse.
Connection Timeout (milliseconds)	The amount of time to wait when initially establishing a connection before timing out.
Connection TTL (milliseconds)	The expiration time for a connection in the connection pool.
Socket Timeout (milliseconds)	The amount of time to wait for data to be transferred over an established, open connection before the connection times out and is closed.
Use Expect Continue	Select to enable use expect continue.
Use Reaper	Select to start the IdleConnectionReaper as a daemon thread.
Use TCP Keep Alive	Select to enable TCP KeepAlive support at the socket level.
Use Throttled Retries	Select to use throttled retries.
Use Transfer Acceleration	Select to use S3 transfer acceleration.
Signer Override	The name of the signature algorithm to use for signing requests made by this client.
Request Timeout (milliseconds)	The amount of time to wait for the request to complete before timing out.
Command Retries	The number of times the command should be retried if an error or exception occurs during a command.
Command Retry Delay	The amount of time (in seconds) before a retry should be attempted.
Endpoint	The AWS endpoint to use for the S3 connection. Note: We recommended using the Region setting instead of this setting. This setting should be configured only for non-standard S3 connections.

Advanced - Cache

Multipart Buffer Size (mbytes)	The part size used for a multipart upload.
Response Metadata Cache Size	The response metadata cache size.
Socket Send Buffer Size Hint (bytes)	The optional size hint for the low level TCP send buffer.
Socket Receive Buffer Size Hint (bytes)	The optional size hint for the low level TCP receive buffer.

Advanced - Logging

Enable Debug

Select to enable debug-level logging for this endpoint.

Comments

Contact Us

Email Us

Support Links

Related articles