Skip to content

Commit 6a2fc1a

Browse files
Paul-CornellPaul-Cornell
authored
S3 connectors: UI and Workflow Endpoint - how to specify a FIPS bucket and use ambient credentials (#721)
1 parent 21d307c commit 6a2fc1a

File tree

5 files changed

+89
-0
lines changed

5 files changed

+89
-0
lines changed

api-reference/workflow/destinations/s3.mdx

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -32,6 +32,12 @@ import S3BucketCLI from '/snippets/general-shared-text/s3-cli-setup.mdx';
3232

3333
<S3BucketCLI />
3434

35+
## FIPS and ambient credentials
36+
37+
import S3AmbientCreds from '/snippets/general-shared-text/s3-ambient-creds.mdx';
38+
39+
<S3AmbientCreds />
40+
3541
## Create the destination connector
3642

3743
To create an S3 destination connector, see the following examples.

api-reference/workflow/sources/s3.mdx

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -38,6 +38,12 @@ import S3Metadata from '/snippets/general-shared-text/s3-metadata.mdx';
3838

3939
<S3Metadata />
4040

41+
## FIPS and ambient credentials
42+
43+
import S3AmbientCreds from '/snippets/general-shared-text/s3-ambient-creds.mdx';
44+
45+
<S3AmbientCreds />
46+
4147
## Create the source connector
4248

4349
To create an S3 source connector, see the following examples.

snippets/general-shared-text/s3-ambient-creds.mdx

Lines changed: 65 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,65 @@
1+
<Note>
2+
The following information applies to [Unstructured Enterprise](/enterprise/overview) accounts only.
3+
</Note>
4+
5+
Unstructured Enterprise accounts support the Federal Information Processing Standard (FIPS) for
6+
Amazon S3. [Learn more about AWS support for FIPS](https://aws.amazon.com/compliance/fips/). Specifically,
7+
when creating an S3 connector with the [Unstructured user interface (UI)](/ui/overview) or
8+
[Unstructured Workflow Endpoint](/api-reference/workflow/overview), Unstructured Enterprise accounts
9+
support the use of `fips`-based
10+
[S3 endpoints](https://docs.aws.amazon.com/general/latest/gr/s3.html) and, for authenticated access to
11+
S3 FIPS buckets, S3 ambient credentials.
12+
13+
To use the Unstructured (UI) to set up an S3 source or destination connector
14+
to use an S3 FIPS bucket and S3 ambient credentials, do the following:
15+
16+
1. Create an environment variable named `ALLOW_AMBIENT_CREDENTIALS_S3`, and set its value to `true`.
17+
2. When creating the connector, for the S3 connector's **Bucket URI** field, specify the path to the S3 FIPS bucket, formatted as
18+
`https://<bucket-name>.<endpoint>`, for example
19+
`https://my-bucket-name.s3-fips.us-gov-east-1.amazonaws.com`.
20+
If the target files are in a folder, specify the path to the target folder in the S3 FIPS bucket instead,
21+
formatted as `https://<bucket-name>.<endpoint>/path/to/folder` (for example,
22+
`https://my-bucket-name.s3-fips.us-gov-east-1.amazonaws.com/my-folder/`).
23+
3. For the **Authentication Method** field, select **Ambient Credentials**.
24+
4. Check the box labelled **Use Ambient Credentials**.
25+
5. Save and test the connector.
26+
27+
To use the Unstructured Workflow Endpoint to set up an S3 source or
28+
destination connector to use an S3 FIPS bucket and S3 ambient credentials, do the following:
29+
30+
1. Create an environment variable named `ALLOW_AMBIENT_CREDENTIALS_S3`, and set its value to `true`.
31+
2. When creating the connector,
32+
for the `config` parameter's `remote_url` field, specify the path to the S3 FIPS bucket, formatted as
33+
`https://<bucket-name>.<endpoint>`, for example
34+
`https://my-bucket-name.s3-fips.us-gov-east-1.amazonaws.com`.
35+
If the target files are in a folder, specify the path to the target folder in the S3 FIPS bucket instead,
36+
formatted as `https://<bucket-name>.<endpoint>/path/to/folder` (for example,
37+
`https://my-bucket-name.s3-fips.us-gov-east-1.amazonaws.com/my-folder/`).
38+
3. For the `config` parameter, add an `ambient_credentials` field, and set its value to true. For example:
39+
40+
<CodeGroup>
41+
```python Python SDK
42+
# ...
43+
config={
44+
"...": "...",
45+
"remote_url": "https://my-bucket-name.s3-fips.us-gov-east-1.amazonaws.com/my-folder/",
46+
"ambient_credentials": True
47+
}
48+
# ...
49+
```
50+
51+
```bash curl
52+
# ...
53+
{
54+
"...": "...",
55+
"config": {
56+
"...": "...",
57+
"remote_url": "https://my-bucket-name.s3-fips.us-gov-east-1.amazonaws.com/my-folder/",
58+
"ambient_credentials": "true"
59+
}
60+
}
61+
# ...
62+
```
63+
</CodeGroup>
64+
65+
4. Run your code to create the connector.

ui/destinations/s3.mdx

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -32,6 +32,12 @@ import S3BucketCLI from '/snippets/general-shared-text/s3-cli-setup.mdx';
3232

3333
<S3BucketCLI />
3434

35+
## FIPS and ambient credentials
36+
37+
import S3AmbientCreds from '/snippets/general-shared-text/s3-ambient-creds.mdx';
38+
39+
<S3AmbientCreds />
40+
3541
## Create the destination connector
3642

3743
To create the destination connector:

ui/sources/s3.mdx

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -38,6 +38,12 @@ import S3Metadata from '/snippets/general-shared-text/s3-metadata.mdx';
3838

3939
<S3Metadata />
4040

41+
## FIPS and ambient credentials
42+
43+
import S3AmbientCreds from '/snippets/general-shared-text/s3-ambient-creds.mdx';
44+
45+
<S3AmbientCreds />
46+
4147
## Create the source connector
4248

4349
To create the source connector:

0 commit comments

Comments
 (0)