Set Up Cross-Account S3 Access | Teradata Vantage on AWS - 2.1 - Managing Your S3 Storage Access to Use the NOS Connector with Vantage on AWS - Teradata Vantage on AWS

Teradata Vantageā„¢ on AWS Getting Started Guide

Product
Teradata Vantage on AWS
Release Number
2.1
Release Date
November 2020
Content Type
Configuration
Implementation
Installation
Publication ID
B700-4015-090K
Language
English (United States)
To access Amazon S3 storage from your Vantage on AWS deployment using NOS, you must first work with Teradata to grant cross-account access to the target objects.
Using policies at the bucket level, you can define the following permissions:
  • Who can access (Principal element)
  • Which objects they can access (Resource element)
  • How they can access (Action element)

Use multiple policies to define granular access to different objects in the bucket. You can also review the bucket policy to see who can access objects. See https://aws.amazon.com/premiumsupport/knowledge-center/cross-account-access-s3/.

  1. Create an S3 bucket in your AWS account and provide the name to Teradata.
    For more granular control, also provide names of any folders within the bucket to grant access.
  2. Once Teradata creates the IAM user or role with the necessary permissions, configure the bucket policy for the S3 bucket and grant permissions to the Teradata IAM user or role.
    Use the same S3 bucket and folder names provided to Teradata.
    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "AllowTeradataNOSAccessToSpecifiedS3Buckets",
    	    "Effect": "Allow",
                "Principal": {
                    "AWS": "arn:aws:iam::TeradataAWSAccountID:user/TeradataIAMUsername"
                },
                "Action": [
    		"s3:ListBucket",
    		"s3:GetBucketLocation",
    		"s3:PutObject",
      		"s3:GetObject"
                ],
                "Resource": [
    		"arn:aws:s3:::S3BucketName/*",
    		"arn:aws:s3:::S3BucketName/S3FolderName/*"
                ]
            }
        ]
    }