Configuring Amazon S3 Connection Details
Amazon S3, also known as Amazon Simple Storage Service, is a service provided by Amazon Web Services (AWS). It lets you store and manage your data as objects through a web service interface.
Prerequisites
The following permissions are required for configuring Amazon S3:
- "s3:Get*"
- "s3:List*"
- "s3:PutObject"
- "s3:PutObjectTagging"
- "kms:Encrypt"
- "kms:Decrypt"
Configuring Amazon S3 Connection Details
- Sign in to the Lazsa Platform and click Configuration in the left navigation pane.
- On the Platform Setup screen, on the Cloud Platform, Tools & Technologies tile, click Configure.
- On the Cloud Platform, Tools & Technologies screen, in the Databases and Data Warehouses section, click Configure.
  (After you save your first connection details in this section, you see the Modify button here.)
- In the list of available database and data warehouse options, click .
- On the Amazon S3 connection details screen, do the following:
In the Details section, provide the following details:
Name: Give a unique name to your Amazon S3 configuration. This name is used to save and identify your specific Amazon S3 connection details within the Lazsa Platform.
Description: Provide a brief description that helps you identify the purpose or context of this Amazon S3 configuration.
In the Configuration section, provide the following information:
Bucket Name: Enter the name of your Amazon S3 bucket. This is the main container for storing objects (files) in S3.
Prefix: In Amazon S3, a prefix is a string of characters that comes before the object name within a bucket. It is used to organize and categorize objects in a hierarchical manner, simulating a folder structure. Use slashes ("/") to represent different levels of hierarchy. For example, mybucket/folder1/folder2/object3.txt
Region: From the dropdown list, select the AWS availability region where the specified S3 bucket is located.
Depending on how you want to retrieve the access credentials to connect to your Amazon S3, do one of the following:
Connect using Lazsa Orchestrator Agent: Enable this option to resolve your Amazon S3 access credentials within your private network via Lazsa Orchestrator Agent without sharing them with the Lazsa Platform.
Select the Lazsa Orchestrator Agent that you want to use from the list of your configured agents.
Select an agent installed in an Amazon EKS cluster. The secrets management tool AWS Secrets Manager is auto-selected. Do the following:
Secret Name: Provide the name of the secret in AWS Secrets Manager where you store your Amazon S3 access credentials.
Master AWS Account: The AWS account ID, where the Lazsa Platform is installed, is auto-populated.
External ID Key: Provide the key in the AWS Secrets Manager secret containing the External ID value.
Cross Account Role ARN Key: The key in the AWS Secrets Manager secret containing the Cross Account Role ARN value.
Select Secret Manager:
- Select Lazsa and do the following:
Master AWS Account: The AWS account ID, where the Lazsa Platform is installed, is auto-populated.
External ID: This is the unique identifier generated by Calibo. You need to mention this ID in the IAM role policy that you create to allow the Lazsa Platform to access your AWS account. If you use the Calibo-provided CFT for IAM role policy, this ID is already mentioned in the template. You can copy this ID for your reference.
Cross Account Role ARN: After you create an IAM role and attach a policy to establish a trusted relationship between your AWS account and Calibo's AWS account, you can provide the role's Amazon Resource Name (ARN) here. This ARN is required for the Lazsa Platform to assume the role that you create in your AWS account.
In this case, the user credentials are securely stored in the Lazsa-managed secrets store.
- Select AWS Secrets Manager. In the Secret Management dropdown list, the AWS Secrets Manager configurations that you save and activate in the Secret Management section on the Cloud Platform, Tools & Technologies screen are listed for selection. Select the configuration of your choice. Provide the Secret Name, Username Key, and the Password Key for the Lazsa Platform to retrieve the secrets for your Amazon S3.
- Select Azure Key Vault. In the Secret Management dropdown list, the Azure Key Vault configurations that you save and activate in the Secret Management section on the Cloud Platform, Tools & Technologies screen are listed for selection. Select the configuration of your choice. Provide the Vault Name, Username Secret, and Password Secret for the Lazsa Platform to retrieve the credential values.
Audit Tables Folder Name (Optional): This is an optional field. Specify the folder name where audit tables can be stored.
- Click Test Connection to validate whether you have configured the correct connection details and you can connect to your Amazon S3 bucket successfully.
- Secure configuration details with a password
To password-protect your Amazon S3 connection details, turn on this toggle, enter a password, and then retype it to confirm. This is optional but recommended. When you share the connection details with multiple users, password protection helps ensure that only authorized users access the connection details.
- Click Save Configuration. The configuration is then listed on the Databases and Data Warehouses screen.
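The cross-account role that the Lazsa secrets store option refers to (Master AWS Account, External ID, Cross Account Role ARN) and the permissions listed under Prerequisites can be written as two IAM policy documents. The following Python is an added example, not code from Calibo or the Lazsa Platform; it assumes the role is limited to one bucket, prefix and KMS key, and the account ID, External ID and key ARN it uses are constructed placeholders.

```python
import json

# Actions this page lists under Prerequisites.
S3_ACTIONS = ["s3:Get*", "s3:List*", "s3:PutObject", "s3:PutObjectTagging"]
KMS_ACTIONS = ["kms:Encrypt", "kms:Decrypt"]

def permissions_policy(bucket, prefix, kms_key_arn):
    """Grant the listed actions on one bucket/prefix and one KMS key only."""
    bucket_arn = f"arn:aws:s3:::{bucket}"
    p = prefix.strip("/")
    objects_arn = f"{bucket_arn}/{p}/*" if p else f"{bucket_arn}/*"
    return {"Version": "2012-10-17", "Statement": [
        # Bucket ARN covers bucket-level calls; objects ARN covers keys under the prefix.
        {"Effect": "Allow", "Action": S3_ACTIONS, "Resource": [bucket_arn, objects_arn]},
        {"Effect": "Allow", "Action": KMS_ACTIONS, "Resource": kms_key_arn},
    ]}

def trust_policy(master_account_id, external_id):
    """Let only the master account assume the role, and only with the External ID."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": f"arn:aws:iam::{master_account_id}:root"},
        "Action": "sts:AssumeRole",
        "Condition": {"StringEquals": {"sts:ExternalId": external_id}},
    }]}

def trust_policy_findings(policy, master_account_id, external_id):
    """Return problems in a trust policy before its role ARN is entered in the form."""
    allowed = {master_account_id, f"arn:aws:iam::{master_account_id}:root"}
    findings = []
    for i, stmt in enumerate(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        aws = principal.get("AWS", []) if isinstance(principal, dict) else principal
        aws = [aws] if isinstance(aws, str) else list(aws)
        if not aws or any(a not in allowed for a in aws):
            findings.append(f"statement {i}: principal is not limited to the master account")
        cond = stmt.get("Condition", {}).get("StringEquals", {})
        if cond.get("sts:ExternalId") != external_id:
            findings.append(f"statement {i}: sts:ExternalId condition missing or different")
    return findings

if __name__ == "__main__":
    # Constructed sample values; the account ID and External ID are placeholders.
    tp = trust_policy("111122223333", "EXAMPLE-EXTERNAL-ID")
    print(json.dumps(tp, indent=2))
    print(trust_policy_findings(tp, "111122223333", "EXAMPLE-EXTERNAL-ID"))
```

Use the Master AWS Account and External ID values shown on the connection screen in place of the placeholders, and run `trust_policy_findings` on the role's existing trust policy before entering its ARN.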
What's next? Cloud Platforms, Tools, and Technologies