Data Integrations > AWS Access Key

AWS Access Key

This page describes how to give Rockset access to your data in Amazon AWS using access key authentication for an IAM user.

We will create an IAM policy, attach the policy to a new IAM user, and store the user’s access key ID and secret access key in a Rockset integration. Note that variations on the steps outlined here are possible (such as configuring an inline policy directly for the IAM user).

Create IAM Policy

Perform these steps in the AWS account where your data resides.

  1. Sign in to the AWS Management Console and navigate to the IAM service.
  2. Under Policies, click Create policy. AWS IAM Policies
  3. Choose the JSON editor and enter a policy configuration. The permissions required for your policy depend on which AWS service your data is in. Recommended policies for each service are shown below and can be pasted directly into the AWS JSON editor (provided you replace all instances of rockset-source with the name of your resource).
S3
Kinesis
DynamoDB
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:List*"
      ],
      "Resource": [
        "arn:aws:s3:::bucket",
        "arn:aws:s3:::bucket/*"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:GetObject"
      ],
      "Resource": [
        "arn:aws:s3:::bucket/path/to/scoped/data/*"
      ]
    }
  ]
}
  1. Continue, give the policy a name, and create the policy.

Create IAM User

  1. Sign in to the AWS Management Console and navigate to the IAM service.
  2. Under Users, click Add user. AWS IAM Users
  3. Enter a name for the user and check the Programmatic access option. Click to continue. AWS IAM Create User
  4. Choose Attach existing policies directly then select the policy you created in the previous section. Click through the remaining steps to finish creating the user. AWS IAM Attach Policy
  5. When the new user is successfully created you should see the Access key ID and Secret access key displayed on the screen. Make sure to keep this window open or record these as they will be needed in the next section. AWS IAM Access Key

Create Integration

We will store the access key ID and secret access key for the IAM user you created in Rockset as an integration object. When creating a new collection, you can to access and ingest data.

Using Console

In the Rockset console, navigate to Manage > Integrations and click Create Integration.

Rockset Create Integration

On this screen, select AWS Access Key for the type and enter a name and description. Fill the access key ID and secret access key from the user you created in the previous section.

Using CLI

Assuming you have the rock CLI installed, you can create an integration by running the command shown below.

$ rock create integration "my_integration_name" \
  --type=AWS \ 
  --aws_access_key_id="my_access_key_id" \
  --aws_secret_access_key="my_secret_access_key" \
Integration "my_integration_name" was created successfully.