Creating an Amazon Web Services (AWS) iClient allows you to secure and manage your Amazon connections quickly.
You can create an iClient at → or directly in an Amazon S3 connection.
Tip
Open your AWS Console in a separate window, so you can quickly generate, copy, and paste the required fields.
|
Setting |
Description |
|---|---|
|
Name * |
Enter a clear and distinguishable name. |
|
Celigo AWS account ID * (read-only) |
Copy |
|
Role ARN * |
After creating your IAM Role in AWS, copy the role's ARN and paste it here. Your role ARN’s name must begin with Amazon Resource Names (ARNs) uniquely identify AWS resources. While ARNs, like any identifying information, should be used and shared carefully, they are not considered secret, sensitive, or confidential information. |
|
External ID * (read-only) |
Generate and copy |
Before you begin, ensure your AWS account permissions allow you to create and modify IAM permissions policies and create and modify IAM roles.
Create an IAM role. When creating the role:
-
Select → .
-
Select Another AWS account and paste Celigo's AWS account ID.
-
Select → and paste the external ID generated by Celigo.
-
Add a Role name and description. This role's name must follow the following pattern:
celigo-file-adaptor<Name>. You must prependceligo-file-adaptorto your Role's name. -
Create inline policies to add to the role. The trust policy allows Celigo to assume the role. It does not grant access to S3. You can add policies via the console or using JSON:
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "s3:HeadBucket", "Resource": "arn:aws:s3:::<your-bucket>" }, { "Effect": "Allow", "Action": "s3:ListBucket", "Resource": "arn:aws:s3:::<your-bucket>" }, { "Effect": "Allow", "Action": [ "s3:GetObject", "s3:PutObject" ], "Resource": "arn:aws:s3:::<your-bucket>/*" } ] } -
Copy your IAM role's ARN.