17.10 - IAM Roles - Access Module

Teradata® Tools and Utilities Access Module Reference

Product
Access Module
Release Number
17.10
Published
October 2021
Language
English (United States)
Last Update
2021-11-02

IAM roles are an AWS-specific feature that allows jobs running on an AWS EC2 instance to perform operations without an explicit (and exposed) Key ID and Secret Key. Using IAM roles also simplifies credentials management, because the permission granted to a node can be revoked at any time without having to change the Key ID or Secret Key. Many customers prefer IAM roles to explicit IDs and Keys. IAM roles can be managed from the AWS Web Console.

The IAM roles needed to support the TPT-S3 connector must have at least these permissions:
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:ListAllMyBuckets",
                "s3:GetBucketLocation"
            ],
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:ListBucket",
                "s3:GetObject",
                "s3:PutObject",
                "s3:DeleteObject"
            ],
            "Resource": [
                "arn:aws:s3:::your_bucket_name_here",
                "arn:aws:s3:::your_bucket_name_here/*"
            ]
        }
    ]
}
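
The following added example (not part of the Teradata documentation or product) checks a role's policy document against the minimum permissions listed above and reports any that are missing or explicitly denied. The function names, the bucket name example-tpt-bucket and the sample policy are constructed for illustration; bucket-level actions are probed on the bucket ARN and object-level actions on an object ARN.

```python
import json
import re

def _match(pattern, value, ignore_case=False):
    # IAM wildcards: '*' is any run of characters, '?' is exactly one.
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, value, re.I if ignore_case else 0) is not None

def _as_list(x):
    return x if isinstance(x, list) else [x]

def _hits(stmt, action, resource):
    # Limitation: statements with Condition/NotAction/NotResource are skipped.
    if any(k in stmt for k in ("Condition", "NotAction", "NotResource")):
        return False
    return (any(_match(a, action, True) for a in _as_list(stmt.get("Action", [])))
            and any(_match(r, resource) for r in _as_list(stmt.get("Resource", []))))

def required_grants(bucket):
    # Probes for the minimum permissions in the policy on this page.
    arn = f"arn:aws:s3:::{bucket}"
    obj = f"{arn}/probe-object"  # constructed key standing in for any object
    return [("s3:ListAllMyBuckets", "*"), ("s3:GetBucketLocation", "*"),
            ("s3:ListBucket", arn), ("s3:GetObject", obj),
            ("s3:PutObject", obj), ("s3:DeleteObject", obj)]

def missing_grants(policy, bucket):
    """Return required actions that are not allowed, or are explicitly denied."""
    stmts = _as_list(policy.get("Statement", []))
    missing = []
    for action, resource in required_grants(bucket):
        allowed = any(s.get("Effect") == "Allow" and _hits(s, action, resource) for s in stmts)
        denied = any(s.get("Effect") == "Deny" and _hits(s, action, resource) for s in stmts)
        if denied or not allowed:
            missing.append(action)
    return missing

# Constructed sample: the object-level ARN ("/*") was left out of the role policy.
SAMPLE = json.loads("""{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Action": ["s3:ListAllMyBuckets", "s3:GetBucketLocation"],
   "Resource": "*"},
  {"Effect": "Allow", "Action": ["s3:ListBucket", "s3:GetObject", "s3:PutObject",
   "s3:DeleteObject"], "Resource": ["arn:aws:s3:::example-tpt-bucket"]}]}""")

if __name__ == "__main__":
    print(missing_grants(SAMPLE, "example-tpt-bucket"))
```

An empty result means the policy covers every permission in the list above; any action returned is one the role cannot perform on the bucket as the policy is written.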