tS3Connection Standard properties
These properties are used to configure tS3Connection running in the Standard Job framework.
The Standard tS3Connection component belongs to the Cloud family.
The component in this framework is available in all Talend products.
Basic settings
Access Key | The Access Key ID that uniquely identifies an AWS Account. For how to get your Access Key and Access Secret, visit Getting Your AWS Access Keys. |
Secret Key |
The Secret Access Key, constituting the security credentials in combination with the access Key. To enter the secret key, click the [...] button next to the secret key field, and then in the pop-up dialog box enter the password between double quotes and click OK to save the settings. |
Credential Provider |
Specify the way to obtain AWS security credentials.
This option can work as a dynamic parameter and be assigned a value using a context variable. Information noteNote:
|
Assume Role |
If you temporarily need some access permissions associated to an AWS IAM role that is not granted to your user account, select this check box to assume that role. Then specify the values for the following parameters to create a new assumed role session. Ensure that access to this role has been granted to your user account by the trust policy associated to this role. If you are not certain about this, ask the owner of this role or your AWS administrator.
Information noteTroubleshooting: If you get an Access
denied error, try either to:
|
Region |
Specify the AWS region by selecting a region name from the list or entering a region between double quotation marks (e.g. "us-east-1") in the list. For more information about the AWS Region, see Regions and Endpoints. |
Encrypt |
Select this check box and from the
Key type drop-down list
displayed, select one of the following three options for encrypting the data on the
client-side before sending to Amazon S3. For more information, see Protecting Data Using Client-Side
Encryption.
|
Advanced settings
Use a custom region endpoint | Select this check box to use a custom endpoint and in the field displayed,
specify the URL of the custom endpoint to be used. This option can work as a dynamic parameter and be assigned a value using a context variable. |
Enable PathStyleAccess | Select this option to enable path-style access. Click Path-Style Requests for related information. Note that
buckets created after September 30, 2020 will support only virtual hosted-style
requests. Path-style requests will continue to be supported for buckets created on
or before this date. This option is available when Use a custom region endpoint is selected. This option can work as a dynamic parameter and be assigned a value using a context variable. Information noteWarning: Path-style access cannot work with the accelerate mode. So, make
sure Enable Accelerate Mode is cleared when selecting
this option.
|
Config client | Select this check box if you want to use customized client configuration
other than the default. Client Parameter: select client parameters from the list. Value: enter the parameter value. For related information, go to Client Configuration. |
STS Endpoint |
Select this check box to specify the AWS Security Token Service (STS) endpoint from which to retrieve the session credentials. For example, enter sts.amazonaws.com. This service allows you to request temporary, limited-privilege credentials for the AWS user authentication. Therefore, you still need to provide the access key and secret key to authenticate the AWS account to be used. For a list of the STS endpoints you can use, see AWS Security Token Service. For further information about the STS temporary credentials, see Temporary Security Credentials. Both articles are from the AWS documentation. This check box is available only when the Assume Role check box is selected. |
Signing region |
Select the AWS region of the STS service. If the region is not in the list, you can enter its name between double quotation marks. The default value is us-east-1. This drop-down list is available only when the Assume Role check box is selected. |
External Id |
If the administrator of the account to which the role belongs provided you with an external ID, enter its value here. The External Id is a unique identifier that allows a limited set of users to assume the role. This field is available only when the Assume Role check box is selected. |
Serial number |
When you assume a role, the trust policy of this role might require Multi-Factor Authentication (MFA). In this case, you must indicate the identification number of the hardware or virtual MFA device that is associated with the user who assumes the role. This field is available only when the Assume Role check box is selected. |
Token code |
When you assume a role, the trust policy of this role might require Multi-Factor Authentication (MFA). In this case, you must indicate a token code. This token code is a time-based one-time password produced by the MFA device. This field is available only when the Assume Role check box is selected. |
Tags |
List session tags in the form of key-value pairs. You can then use these session tags in policies to allow or deny access to requests. Transitive: select this check box to indicate that a tag will persist to the next role in a role chain. For more information about tags, see Passing Session Tags in AWS STS This field is available only when the Assume Role check box is selected. |
IAM Policy ARNs |
Enter the Amazon Resource Names (ARNs) of the IAM managed policies that you want to use as managed session policies. Use managed session policies to limit the permissions of the session. The policies must exist in the same account as the role. The resulting session's permissions are the intersection of the role's identity-based policy and the session policies. For more information about session policies, see the corresponding section in Policies and Permissions This field is available only when the Assume Role check box is selected. |
Policy |
Enter an IAM policy in JSON format that you want to use as a session policy. Use session policies to limit the permissions of the session. The resulting session's permissions are the intersection of the role's identity-based policy and the session policies. For more information about session policies, see the corresponding section in Policies and Permissions This field is available only when the Assume Role check box is selected. |
Check S3 Accessibility | Leave this check box selected so that the component verifies the credentials
to be used for this connection request to S3 before proceeding with further
actions. It is recommended to use the default By Account
Owner option for this verification. The By Bucket
Configuration option employs an old verification approach which can
significantly increase your network load in some circumstances. Information noteTroubleshooting:
|
Enable Accelerate Mode | Select this check box to enable fast, easy, and secure transfers of files
over long distances between your client and an S3 bucket. To take it into account,
you should enable this acceleration mode on the S3 bucket in advance. This option can work as a dynamic parameter and be assigned a value using a context variable. Information noteWarning: This option cannot work with path-style
access. So, make sure Enable PathStyleAccess is cleared
when selecting this option.
|
tStatCatcher Statistics | Select this check box to collect log data at the component level. |
Global Variables
ERROR_MESSAGE |
The error message generated by the component when an error occurs. This is an After variable and it returns a string. |
Usage
Usage rule | As a start component, this component is to be used along with other S3 components. |
Dynamic settings |
Click the [+] button to add a row in the table and fill the Code field with a context variable to choose your database connection dynamically from multiple connections planned in your Job. This feature is useful when you need to access database tables having the same data structure but in different databases, especially when you are working in an environment where you cannot change your Job settings, for example, when your Job has to be deployed and executed independent of Talend Studio. For examples on using dynamic parameters, see Reading data from databases through context-based dynamic connections and Reading data from different MySQL databases using dynamically loaded connection parameters. For more information on Dynamic settings and context variables, see Dynamic schema and Creating a context group and define context variables in it. |