Accessing buckets in a different AWS account

You must configure read-only or read/write access using default encryption to external S3 buckets in AWS accounts that are different from the CDW cluster account.

Required role: DWAdmin

Identify and activate the environment you want to configure for access to an external bucket in a different AWS account.
In the AWS Management Console, identify the external S3 bucket you want to configure access to.

On the CDW UI Overview page, go to the Environments tab and locate the environment for which you want to configure access to an external AWS bucket, and then click > Edit.
This loads the Environment Details page.
Go to the Configuration tab and type the name of the AWS bucket you want to configure access to in the Add External S3 Bucket field.
Select Bucket belongs to different AWS Account. The CDW bucket policy appears.
Click Copy .
Open the AWS Management Console for the different account where the external bucket is located and navigate to the bucket to which you want to configure access.
On the bucket details page of AWS Management Console, click the Permissions tab, click Bucket Policy, paste the policy from CDW, and click Save:
In the CDW UI Environment Details page, specify either Read Only or Read Write access for the external bucket.

note

For Read Write access only: if you do not need to use a custom encryption key, leave the ENCRYPTION SETTINGS text box blank. If you do not use a custom key, the system uses AES256 encryption by default. If you need to use a custom encryption key, see the previous topic. Read Only access does not involve encryption.
Click Add Bucket to save the configuration. A success message displays at the top of the page.

If you have configured Read Write access, you must restart the Virtual Warehouses that are associated with this environment for the configuration changes to take effect.