Skip to main content Skip to complementary content
Qlik Resources
Loading SearchUnify's search If you need assistance with your product, please contact Qlik Support.
Qlik Customer Portal
Loading SearchUnify's search If you need assistance with your product, please contact Qlik Support.
Qlik Customer Portal

tS3Get

Retrieves a file from Amazon S3.

tS3Get Standard properties

These properties are used to configure tS3Get running in the Standard Job framework.

The Standard tS3Get component belongs to the Cloud family.

The component in this framework is available in all Talend products.

Basic settings

Properties Description
Property type

Either Built-In or Repository.

Built-In: No property data stored centrally.

Repository: Select the repository file where the properties are stored.
Use an existing connection

Select this check box and in the Component List drop-down list, select the desired connection component to reuse the connection details you already defined.

Credential provider

Specify the way to obtain AWS security credentials.

  • Static credentials: Use access key and secret key as the AWS security credentials.
  • Inherit credentials from AWS role: Obtain AWS security credentials from your EMR instance metadata. To use this option, the Amazon EMR cluster must be started and your Job must be running on this cluster. For more information, see Using an IAM Role to Grant Permissions to Applications Running on Amazon EC2 Instances. This option enables you to develop your Job without having to put any AWS keys in the Job, thus easily comply with the security policy of your organization.
  • Web Identity Token: Use Web token for establishing the Amazon S3 connection.

  • Profile credentials or inherit from AWS role: Use credentials stored in a file (known as profile configuration file) as the AWS security credentials or inherit AWS security credentials from the AWS role.

    AWS security credentials can be grouped in profiles in profile configuration files. A profile configuration file can contain one or multiple profiles. You can optionally specify the profile configuration file in the Profile path field and specify the profile to be used in the Profile name field.

    If the Profile path field and the Profile name filed are left empty, <user folder>/.aws/credentials will be used as the profile configuration file and the profile named default will be used.

    In cases of EC2 instances, if the profile (the specified or the default profile) does not exist, the component will try to inherit the AWS security credentials from the AWS role.

This option can work as a dynamic parameter and be assigned a value using a context variable.

Information noteNote: tRedshiftBulkExec, tRedshiftOutputBulk, and tRedshiftOutputBulkExec support S3 connections that are established with Credential Provider being Static Credentials or Inherit credentials from AWS role only.

Assume role

If you temporarily need some access permissions associated to an AWS IAM role that is not granted to your user account, select this check box to assume that role. Then specify the values for the following parameters to create a new assumed role session.

Ensure that access to this role has been granted to your user account by the trust policy associated to this role. If you are not certain about this, ask the owner of this role or your AWS administrator.

  • ARN: the Amazon Resource Name (ARN) of the role to assume. You can find this ARN name on the Summary page of the role to be used on your AWS portal, for example, this role ARN could read like am:aws:iam::[aws_account_number]:role/[role_name].

    Role session name: enter the name you want to use to uniquely identify your assumed role session. This name can contain upper- and lower-case alphanumeric characters with no spaces. You can also include underscores or any of the following characters: =,.@-.

  • Session duration (minutes): the duration (in minutes) for which you want the assumed role session to be active. This duration cannot exceed the maximum duration which your AWS administrator has set. The duration defaults to 3600 seconds if you give it no value.

For an example about an IAM role and its related policy types, see Create and Manage AWS IAM Roles from the AWS documentation.
Region

Specify the AWS region by selecting or entering a region name between double quotation marks (e.g. "us-east-1"). For more information about the AWS Region, see Regions and Endpoints.
Client-side encryption
Select this check box and from the Key type drop-down list displayed, select one of the following three options for encrypting the data on the client-side before sending to Amazon S3. For more information, see Protecting Data Using Client-Side Encryption.

  • KMS-managed customer master key: use a KMS-managed customer master key (CMK) for the client-side data encryption. In the Key field, you need to specify the AWS KMS customer master key ID (CMK ID).

  • Symmetric Master Key: use a symmetric master key (256-bit AES secret key) for the client-side data encryption.

    • Algorithm: select the algorithm associated with the key from the list. By default, there is only one algorithm named AES.

    • Encoding: select the encoding type associated with the key from the list, either Base64 or X509.

    • Key or Key file: specify the key or the path to the file that stores the key.

  • Asymmetric Master Key: use an asymmetric master key (a 1024-bit RSA key pair) for the client-side data encryption.

    • Algorithm: select the algorithm associated with the key from the list. By default, there is only one algorithm named RSA.

    • Public key file: specify the path to the public key file.

    • Private key file: specify the path to the private key file.
Bucket Specify the name of the bucket, namely the top level folder, on the S3 server.
Key Specify the path to the file saved on the S3 server.
Information noteWarning: This field must not start with a slash (/).
File Enter the name of the file to be saved locally.
Die on error This check box is cleared by default, meaning to skip the row on error and to complete the process for error-free rows.

Advanced settings

Properties Description
tStatCatcher Statistics Select this check box to collect log data at the component level.
Use a custom region endpoint Select this check box to use a custom endpoint and in the field displayed, specify the URL of the custom endpoint to be used.

This option can work as a dynamic parameter and be assigned a value using a context variable.
Signing region

Select the AWS region of the STS service. If the region is not in the list, you can enter its name between double quotation marks. The default value is us-east-1.

This drop-down list is available only when the Assume role check box is selected.

Specify STS endpoint

Select this check box to specify the AWS Security Token Service (STS) endpoint from which to retrieve the session credentials. For example, enter sts.amazonaws.com.

This service allows you to request temporary, limited-privilege credentials for the AWS user authentication. Therefore, you still need to provide the access key and secret key to authenticate the AWS account to be used.

For a list of the STS endpoints you can use, see AWS Security Token Service. For further information about the STS temporary credentials, see Temporary Security Credentials. Both articles are from the AWS documentation.

This check box is available only when the Assume role check box is selected.

External ID

If the administrator of the account to which the role belongs provided you with an external ID, enter its value here. The External Id is a unique identifier that allows a limited set of users to assume the role.

This field is available only when the Assume role check box is selected.

Serial number

When you assume a role, the trust policy of this role might require Multi-Factor Authentication (MFA). In this case, you must indicate the identification number of the hardware or virtual MFA device that is associated with the user who assumes the role.

This field is available only when the Assume role check box is selected.

Token code

When you assume a role, the trust policy of this role might require Multi-Factor Authentication (MFA). In this case, you must indicate a token code. This token code is a time-based one-time password produced by the MFA device.

This field is available only when the Assume role check box is selected.

Tags

List session tags in the form of key-value pairs. You can then use these session tags in policies to allow or deny access to requests.

Transitive: select this check box to indicate that a tag will persist to the next role in a role chain.

For more information about tags, see Passing Session Tags in AWS STS

This field is available only when the Assume role check box is selected.

IAM policy ARNs

Enter the Amazon Resource Names (ARNs) of the IAM managed policies that you want to use as managed session policies. Use managed session policies to limit the permissions of the session. The policies must exist in the same account as the role. The resulting session's permissions are the intersection of the role's identity-based policy and the session policies.

For more information about session policies, see the corresponding section in Policies and Permissions

This field is available only when the Assume role check box is selected.

Policy

Enter an IAM policy in JSON format that you want to use as a session policy. Use session policies to limit the permissions of the session. The resulting session's permissions are the intersection of the role's identity-based policy and the session policies.

For more information about session policies, see the corresponding section in Policies and Permissions

This field is available only when the Assume role check box is selected.

Config client Select this check box and specify the client parameter(s) by clicking the [+] button to add as many rows as needed, each row for a client parameter, and then setting the value of the following fields for each parameter:

  • Client Parameter: Click the cell and select the client parameter from the list.

  • Value: Enter the value for the selected parameter.

This check box is available only when the Use an existing connection check box is cleared.

For related information, read the AWS documentation.

Enable accelerate mode Select this check box to enable fast, easy and secure transfers of files over long distances between your client and an S3 bucket. To take it into account, you should enable this acceleration mode on the S3 bucket in advance.
Use Select Select this check box to customize the way to retrieve a file from Amazon S3.
  • File Type: Type of the file to be retrieved
  • Query: Query to be used for retrieving the file.
  • Compressed Type: Compression type of the file to be compressed
  • Header Type and Field Separator: Header type and field separator to be used for retrieving the file
S3 CSV Input Options Select this check box to configure the CSV file input settings.

This property is available only when you select the Use Select check box.
Configure Output Select this check box to configure the settings used to output files.

This property is available only when you select the Use Select check box.
JSON Record Delimiter Set the delimiter used to separate JSON records.

This property is available only when you select JSON from the Output Type drop-down list.

Add the InputStream in Global variables Select this check box to add InputStream into global variables so that other components in the Job can use this input data.

This property is available only when you select the Use Select check box.

Global Variables

Variables Description

ERROR_MESSAGE

The error message generated by the component when an error occurs. This is an After variable and it returns a string. This variable functions only if the Die on error check box is selected.

Records InputStream

The input stream being processed. This is an After variable and it returns a record.

Usage

Usage guidance Description
Usage rule This component can be used alone or with other S3 components, e.g. tS3Connection.

Currently, there is no component for directly retrieving data from an S3 object in a standard Job. To retrieve data from an S3 object through a standard Job, you can download the S3 object as a file using the tS3Get component and then retrieve data from the file using a file input component. See Retrieving data from an S3 object for related information.
Dynamic settings

Click the [+] button to add a row in the table and fill the Code field with a context variable to choose your database connection dynamically from multiple connections planned in your Job. This feature is useful when you need to access database tables having the same data structure but in different databases, especially when you are working in an environment where you cannot change your Job settings, for example, when your Job has to be deployed and executed independent of Talend Studio.

Once a dynamic parameter is defined, the Component List box in the Basic settings view becomes unusable.

For examples on using dynamic parameters, see Reading data from databases through context-based dynamic connections and Reading data from different MySQL databases using dynamically loaded connection parameters. For more information on Dynamic settings and context variables, see Dynamic schema and Creating a context group and define context variables in it.
Related concepts

Did this page help you?

If you find any issues with this page or its content – a typo, a missing step, or a technical error – please let us know!

Leave your feedback here