Attach an Amazon Web Services S3 volume


Attach a volume for use on CAVATICA's visual interface. Use this tutorial if your cloud storage provider is Amazon Web Services (AWS).

Or, learn more if the storage bucket that you want to attach is hosted on Google Cloud Storage (GCS).


  1. An Amazon Web Services (AWS) account.
  2. One or more buckets on this AWS account.

Step 1: Access the Volumes Dashboard

  1. Click on the Data tab of the top navigation bar.
  2. Select Volumes from the drop-down menu.

Step 2: Choose a cloud storage provider

  1. On the Volumes Dashboard, click +Attach volume.
  2. Select Amazon Web Services as your cloud storage provider.

Step 3: Provide S3 bucket details

  1. Enter your S3 bucket name, as displayed in the AWS Management Console
  2. (Optional) Define a new name for the volume created from this S3 bucket on CAVATICA.
  3. (Optional) Enter a description for your volume.
  4. Select access privileges: choose between Read only (RO) and Read and Write (RW) permissions.
  5. (Optional) enter a prefix. Learn more about prefixes.
  6. Click Next.

Step 4: Copy the policy

In this step, copy the policy and use it to create a new custom policy in the AWS Management Console.

  1. Copy the policy from the text box on CAVATICA.
  2. Go to the AWS Management Console.
  3. In the top menu select Services and then choose IAM.
  4. In the left navigation menu select Policies.
  5. Click Create policy and select the JSON tab.
  6. Paste the policy you copied from the wizard on CAVATICA, replacing the existing content.
  7. Click Review policy and enter a policy name, e.g. sb-access-policy (remember this policy name as you will need to attach it later to the IAM user).
  8. (Optional) Enter the policy description.
  9. Click Create policy to finish process of policy creation.

Step 5: Set up an IAM user and enter its details

Authentication of CAVATICA is done through AWS Identity and Access Management (IAM) services and, specififcally using the IAM user authentication method.

Follow these steps to set up an AWS IAM user that you will use to connect an S3 bucket (volume) to CAVATICA:

  1. In the volume connection wizard on CAVATICA select IAM User.
  2. Go to the AWS Management Console.
  3. In the top menu select Services and then choose IAM.
  4. In the left navigation menu select Users, and then choose Add user.
  5. Enter the User name for the user you are creating.
  6. In the Access type section, select Programmatic access.
  7. Click Next: Permissions.
  8. In the Set permissions section select Attach existing policies directly.
  9. Use search bar to find and select the policy you created earlier (e.g. sb-access-policy)
  10. Click Next: Tags.
  11. (Optional) Add tags to the user. These are key-value pairs that contain additional information about the IAM user and are not necessary for the process of attaching a volume to CAVATICA.
  12. Click Next: Review. The user details screen is displayed. Check once again that all entered information is correct.
  13. Click Create user. You will see a message that the user is successfully created.
  14. On the confirmation screen, copy the provided Access key ID and Secret access key and use them for volume creation on CAVATICA.
  15. Click Close.
  16. On CAVATICA, enter Access Key ID and Secret Access Key in the corresponding fields of the volume connection wizard.
  17. Click Next.

Step 6: Configure additional options

In this tab, you have the option to configure the endpoint, including a FIPS endpoint if you need to use one. You can also set up server-side encryption, and AWS Canned ACL.

Step 7: Review volume details

On this tab, review the details for your volume and click Connect.

Next step

Congratulations! You've attached your volume to CAVATICA. You can make individual data objects within it available as "aliases" on CAVATICA. Aliases point to files stored on your cloud storage bucket and can be copied, executed, and organized like normal files on CAVATICA. We call this operation "importing". Learn more about working with aliases.