Accessing buckets in a different AWS account

You must configure read-only or read/write access using default encryption to external S3 buckets in AWS accounts that are different from the CDW cluster account.

Required role: DWAdmin

Identify and activate the environment you want to configure for access to an external bucket in a different AWS account.
In the AWS Management Console, identify the external S3 bucket you want to configure access to.

In the CDW UI Overview, click Environments, choose the environment that is activated for the Virtual Warehouses you want to use with the external AWS bucket, and click Options > Edit .
In Environment Details, in the Enter s3 bucket name, type the name of the AWS bucket you want to configure access to
Select Bucket belongs to different AWS Account. The CDW bucket policy appears.
Click Copy .
Open the AWS Management Console for the different account where the external bucket is located and navigate to the bucket to which you want to configure access.
On the bucket details page of AWS Management Console, click the Permissions tab, click Bucket Policy, paste the policy from CDW, and click Save:
In the CDW UI Environment Details page, specify either Read Only or Read Write access for the external bucket.

note

For Read Write access only: if you do not need to use a custom encryption key, leave the ENCRYPTION SETTINGS text box blank. If you do not use a custom key, the system uses AES256 encryption by default. If you need to use a custom encryption key, see the previous topic. Read Only access does not involve encryption.
Click Add Bucket to save the configuration. A success message displays at the top of the page.

If you have configured Read Write access, you must restart the Virtual Warehouses that are associated with this environment for the configuration changes to take effect.