Sign in
< Back to Top

S3 Endpoint

The S3 Endpoint has the following attributes:

Attribute Description
Connect Specify how to connect this Endpoint to other entities.

Directly Connect to external Trading Partners via CIC Cloud.
via Access Point Use an Access Point to connect to an S3 server when access is restricted for security purposes, for example, when only connections from your internal network are allowed. If you select this option, you must also select an Access Point. See Managing Access Points for more information.
Access Key

Part of the AWS credentials. Used in conjunction with the Secret Access Key to access an S3 bucket.
Secret Access Key Part of the AWS credentials. Used in conjunction with the Access Key to access an S3 bucket.
Cross-Account Access

Cross-account access allows you to share resources in one AWS account with users in another account without having to create additional users in the first account.

In AWS, cross-account access requires an IAM role with permissions for anything you want the role to be able to perform and a trust relationship that specifies which entities are allowed to assume the IAM role.

In CIC, the user who wants access to the S3 endpoint uses their own credentials for the S3 account, and then fills out the cross-account fields. See the sub-table below.

See your AWS documentation for more detailed information about cross-account access.

In the Cross-Account Access field, choose from the following:

None Don't use cross-account access.
AssumeRole Use cross-account access. Choosing this option displays the following fields.
Amazon Resource Name (ARN)

The Amazon Resource Name (ARN) of the role to assume. 
Session Name

Use this property to identify a session when the same role is assumed by different principals or for different reasons. The role session name is visible to, and can be logged by, the account that owns the role. 
External ID A cross-account role is usually set up to trust everyone in an account. Therefore, the administrator of the trusting account might send an external ID to the administrator of the trusted account. That way, only someone with that ID can assume the role, rather than everyone in the account. 
Source Identity

The source identity specified by the principal that is calling the AssumeRole operation.
You can require users to specify a source identity when they assume a role. You do this by using the sts:SourceIdentity condition key in a role trust policy. You can use source identity information in AWS CloudTrail logs to determine who took actions with a role. You can use the aws:SourceIdentity condition key to further control access to AWS resources based on the value of source identity. 
Region The region to use for this S3 connection. Defaults to DEFAULT_REGION.
Bucket

The S3 bucket to use for this Endpoint.
Protocol The protocol (i.e. HTTP or HTTPS).
Advanced - Security
Server Side Encryption

The options for server-side encryption.

Choose from the following:
KMS Key Id Used when encrypting with SSE-KMS. Leave blank to use default KMS key for the bucket.
Preemptive Basic Proxy Auth Select the check box to attempt to authenticate preemptively against proxy servers using basic authentication.
Advanced - Connection
Parallel Download Threads

The maximum number of download threads allowed concurrently. 

Default value is 0 (no parallel downloads).

Maximum value is 10.
Use Gzip Select to use gzip compression.
Max Connections The maximum number of allowed open HTTP connections.
Client Execution Timeout (milliseconds) The amount of time to allow the client to complete the execution of an API call.
Connection Max Idle Time (milliseconds) The maximum amount of time that an idle connection can sit in the connection pool and still be eligible for reuse.
Connection Timeout (milliseconds) The amount of time to wait when initially establishing a connection before timing out.
Connection TTL (milliseconds) The expiration time for a connection in the connection pool.
Socket Timeout (milliseconds) The amount of time to wait for data to be transferred over an established, open connection before the connection times out and is closed.
Use Expect Continue Select to enable use expect continue.
Use Reaper Select to start the IdleConnectionReaper as a daemon thread.
Use TCP Keep Alive Select to enable TCP KeepAlive support at the socket level.
Use Throttled Retries Select to use throttled retries.
Use Transfer Acceleration Select to use S3 transfer acceleration.
Signer Override The name of the signature algorithm to use for signing requests made by this client.
Request Timeout (milliseconds) The amount of time to wait for the request to complete before timing out.
Automatic Retries

The number of retries that should be made during an attempt. An attempt consists of the number of transfer retries you specify. For example, if you specify 5 retries and 30 seconds, an attempt would consist of 5 retries occurring in the span of 30 seconds.

This setting applies to both sends and receives. 

The minimum number of retries is 0 and the maximum is 5.

The time between retries can range from 0 to 120 seconds.

See Retrying Failed File Transfer Attempts.
Extended Outbound Retries

The period of time during which outbound retries are attempted after a failed send attempt and subsequent failed automatic retry. Retries will not be attempted after the end of the period specified.

This period starts when the first retry is attempted and ends after the value you specify elapses.

Minimum value is 15 minutes.

Maximum value is 3 days.

See Retrying Failed File Transfer Attempts.
Concurrent Outbound Transfers Specify the maximum number of connections that can be transferring to this Endpoint at the same time.

Minimum value is 1 and maximum is 10.
Endpoint The AWS endpoint to use for the S3 connection. Note: We recommended using the Region setting instead of this setting. This setting should be configured only for non-standard S3 connections.
Advanced - Cache
Multipart Buffer Size (mbytes) The part size used for a multipart upload.
Response Metadata Cache Size The response metadata cache size.
Socket Send Buffer Size Hint (bytes) The optional size hint for the low level TCP send buffer.
Socket Receive Buffer Size Hint (bytes) The optional size hint for the low level TCP receive buffer.
Advanced - Logging
Enable Debug Select to enable debug-level logging for this endpoint.

Related articles

Comments

0 comments

Please sign in to leave a comment.