AWS S3 connector

Amazon Simple Storage Service (S3) is an object storage service that offers industry-leading scalability, data availability, security, and performance. The AWS S3 connector allows you to retrieve and modify your AWS S3 resources.

Requirements

AWS account with S3 and IAM services enabled.

Revoke Access

To revoke access the user must delete the associated trust policy or IAM role created at connection creation time.

Authorize your account

When you add an AWS S3 card to a flow for the first time, you'll be prompted to configure the connection. This enables you to connect your AWS account, save your account information, and reuse the connection for future AWS S3 flows. See Authorization.

AWS S3 connector action cards

Action

Description

Copy Object Creates a copy of an object that is already stored in AWS S3.
Create Bucket Creates a new AWS S3 bucket.
Custom API Action Make a custom, authenticated HTTP call to the AWS API.
Delete Bucket Deletes a specified AWS S3 bucket.
Delete Object Deletes an object in a specified AWS S3 bucket.
Download Object Download an object in a specified AWS S3 bucket.
Read Object Retrieve metadata of an object in AWS S3.
Read Object Tags Read tags associated with an object in AWS S3.
Search Buckets Search buckets owned by the authenticated user in AWS S3.
Search Objects Search objects in a specified bucket in AWS S3.
Tag Object Sets the supplied tag-set to an object that already exists in a bucket.

Supported scopes

The AWS S3 connector requires the following AWS permissions.

Action

Scope

Copy Object s3:ListBucket

s3:GetObject

s3:PutObject

s3:PutObjectAcl

s3:PutObjectTagging

s3:PutObjectVersionTagging

s3:GetObjectVersion

s3:GetObjectTagging

s3:GetObjectLegalHold

s3:GetObjectRetention

s3:BypassGovernanceRetention

s3:PutBucketObjectLockConfiguration

s3:PutObjectLegalHold

s3:PutObjectRetention

Create Bucket s3:CreateBucket

s3:PutBucketAcl

s3:PutBucketObjectLockConfiguration

s3:PutBucketVersioning

s3:PutBucketOwnershipControls

Delete Bucket s3:DeleteBucket
Delete Object s3:BypassGovernanceRetention

s3:DeleteObject

s3:DeleteObjectVersion

s3:PutLifeCycleConfiguration

Download Object s3:GetObject

s3:GetObjectVersion

s3:ListBucket

Read Object s3:GetObject

s3:GetObjectVersion

s3:ListBucket

s3:GetObjectLegalHold

s3:GetObjectRetention

Read Object Tags s3:GetObjectTagging

s3:GetObjectVersionTagging

Search Buckets s3:ListAllMyBuckets
Search Objects s3:ListBucket
Tag Object s3:PutObjectTagging

s3:PutObjectVersionTagging

Important Note

Server Side Encryption is abbreviated to SSE for the AWS S3 card fields.

Related topics

AWS S3 connector

About the elements of Okta Workflows

AWS S3 Rest API overview