This section will walk you through the steps to create security credentials in AWS. These credentials will be used to load data from AWS S3 into Firebolt. In order to enable Firebolt to load data from your S3 buckets, you must:
  1. Create a user.
  2. Create appropriate permissions for this user.
  3. Create access credentials to authenticate this user.

Create a user

  1. Log into your AWS Management console and go to the IAM section. You can do this by typing “IAM” in the search bar.
  2. Once you are in the IAM section, select the Create User button. Create IAM User
  3. Enter a name for the user and select Next. Specify User Name
  4. You can have the default permission option set to Add user to group and select Next. Set Permissions
  5. Select Create User. Review and Create User
  6. You will see a message User created successfully. User created successfully

Create S3 access permissions

Now that you have created the user, you will now assign this user appropriate permissions for S3.
  1. Select on the user name as shown below. Click User
  2. In the Permissions tab, select the Add Permissions drop-down and choose Create inline policy. Choose Inline Policy
  3. In Specify Permissions choose S3 as the service. Choose S3
  4. Choose JSON, paste the following JSON code in the policy editor, and select Next. Set Permissions 
    {
   "Version": "2012-10-17",
   "Statement": [
       {
           "Effect": "Allow",
           "Action": [
               "s3:GetObject",
               "s3:GetObjectVersion"
           ],
           "Resource": "arn:aws:s3:::<bucket>/<prefix>/*"
       },
       {
           "Effect": "Allow",
           "Action": "s3:GetBucketLocation",
           "Resource": "arn:aws:s3:::<bucket>"
       },
       {
           "Effect": "Allow",
           "Action": "s3:PutObject",
           "Resource": "arn:aws:s3:::<bucket>/*"
       },
       {
           "Effect": "Allow",
           "Action": "s3:ListBucket",
           "Resource": "arn:aws:s3:::<bucket>",
           "Condition": {
               "StringLike": {
                   "s3:prefix": [
                       "<prefix>/*"
                   ]
               }
           }
       }
   ]
}
IMPORTANT: Replace <bucket> with the S3 bucket that you want to provide access to.
  1. Enter a description for the policy and select Create Policy. Create policy
  2. You will see a message that the policy has been successfully created.

Create access key and secret ID

Now that you have created a user, authorized the user with the appropriate S3 permissions, you will create access credentials for this user. These credentials will be used to authenticate the user.
  1. Select the Security Credentials tab, as shown in the following image: Security Credentials
  2. In the Access Keys section, select the Create Access Key button. Create Access Key
  3. For the use case, choose the Application running on AWS compute service. You will see an alternative recommendation. You can check the box that says “I understand the above recommendation and want to proceed to create an access key” and select Next. Use case warning
  4. Set a description tag for the access key and select **C, Set Desc tag Access Key
  5. You will see a message indicating that the access key was created. Make sure to download the access key. You will need these credentials when you load S3 data into Firebolt. Access Key created successfully