AWS configuration
You need the following items to be set up for AWS before you can extract metadata from an S3 bucket:
- AWS credentials
- The account for this AWS credential must have appropriate permissions to read from S3 buckets and the configured SQS Queue.
- If you are using CDP in the cloud, these credentials are configured as part of SDX and there isn't anything extra you need to do.
- If you are using CDP in a data center (installed on-premise or on virtual hardware in the cloud), you need to supply the extractor with AWS credentials. See Configure credentials for Atlas extraction.
- S3 Bucket access policies
- If you use a bucket other than the one specified by default when creating a CDP
environment, you need to update the
aws-cdp-bucket-access-policywith the additional bucket as a resource. See Minimal setup for cloud storage.
- If you use a bucket other than the one specified by default when creating a CDP
environment, you need to update the
- S3 Bucket encryption
- See AWS documentation "Amazon S3 default encryption for S3 buckets". Your choices for bucket and object encryption are transparent to Atlas as Atlas accesses the bucket through the authorized credentials you provide.
- S3 Bucket event publication
- If you intend to collect all activity that occurs on the data assets you are tracking, you should configure the buckets to publish, update and delete events. See To configure an S3 bucket to publish events.
- SQS queue
- Update an existing queue or configure a new one to pass S3 event information to Atlas. See To configure an SQS queue suitable for Atlas extraction.
