Attach an Amazon Web Services (AWS) volume through the visual interface (IAM role)

📘

Navigation

Overview

Attach a volume for use on Cavatica's visual interface. Use this tutorial if your cloud storage provider is Amazon Web Services (AWS).

Prerequisite

  1. An Amazon Web Services (AWS) account.
  2. One or more buckets on this AWS account.

Step 1: Access the Volumes Dashboard

  1. Click on the Data tab of the top navigation bar.
  2. Select Volumes from the drop-down menu.

Step 2: Choose a cloud storage provider

  1. On the Volumes Dashboard, click +Attach volume.
  2. Select Amazon Web Services as your cloud storage provider.

Step 3: Provide S3 bucket details

  1. Enter your S3 bucket name, as displayed in the AWS Management Console
  2. (Optional) Define a new name for the volume created from this S3 bucket on Cavatica.
  3. (Optional) Enter a description for your volume.
  4. Select access privileges: choose between Read only (RO) and Read and Write (RW) permissions.
  5. (Optional) enter a prefix. Learn more about prefixes.
  6. Click Next.

Step 4: Copy the policy

In this step, copy the policy and use it to create a new custom policy in the AWS Management Console.

  1. Copy the policy from the text box on Cavatica.
  2. Go to the AWS Management Console.
  3. In the top menu select Services and then choose IAM.
  4. In the left navigation menu select Policies.
  5. Click Create policy and select the JSON tab.
  6. Paste the policy you copied from the wizard on Cavatica, replacing the existing content.
  7. Click Next: Tags
  8. (Optional) Add tags that will help you identify the policy.
  9. Click Next: Review.
  10. Enter a policy name, e.g. sb-access-policy (remember this policy name as you will need to attach it later to the IAM role).
  11. (Optional) Enter the policy description.
  12. Click Create policy to finish process of policy creation.

Step 5: Set up an IAM role and enter its details

Authentication of Cavatica is done through AWS Identity and Access Management (IAM) services.

Follow these steps to create an AWS IAM role that you will use to connect an S3 bucket (volume) to Cavatica:

  1. Log in to the AWS Management Console.
  2. In the top menu select Services and then choose IAM.
  3. In the left navigation menu select Roles, and then choose Create role.
  4. In the Select type of trusted entity section, choose Another AWS account.
  5. Enter the following values:
    • Account ID: 151136852077
    • Check Require External ID and enter at least 6 characters (strongly recommended).
  6. Click Next: Permissions.
  7. Use the search bar to find and select the policy you created earlier (e.g. sb-access-policy)
  8. Click Next: Tags.
  9. (Optional) Add tags to the role. These are key-value pairs that contain additional information about the IAM role and are not necessary for the process of attaching a volume to Cavatica.
  10. Click Next: Review
  11. Enter Role name and its optional description.
  12. Click Create role to complete the process of role creation. List of all available roles opens.
  13. Click the name of your newly created role to see the necessary details.
  14. Copy the value of Role ARN and paste it in the corresponding field of the volume connection wizard on Cavatica.
  15. In the AWS Management Console, under the Trust relationships tab click Edit trust relationship.
  16. Copy the value of sts:ExternalId and paste it in the corresponding field of the volume connection wizard on Cavatica.
  17. On Cavatica, copy the generated policy from the text box at the bottom of the wizard.
  18. Go back to the AWS Management Console.
  19. Under the Trust relationships tab for your IAM role, click Edit trust relationship and replace the Policy Document with the copied policy.
  20. Click Update Trust Policy to save the update.
  21. On Cavatica, click Next in the volume connection wizard.

Step 6: Configure additional options

In this tab, you have the option to configure the endpoint, server-side encryption, and AWS Canned ACL.

Step 7: Review volume details

On this tab, review the details for your volume and click Connect.

Next step

Congratulations! You've attached your volume to Cavatica. You can make individual data objects within it available as "aliases" on Cavatica. Aliases point to files stored on your cloud storage bucket and can be copied, executed, and organized like normal files on Cavatica. We call this operation "importing".