Version 23.3.8700

• AwsRootKeys
• AwsEC2Roles
• AwsIAMRoles
• ADFS
• Okta
• PingFederate
• AwsMFA
• AwsTempCredentials
• AwsCredentialsFile

For the Amazon S3 connection type, specify these settings:

• AWS Region - Select the hosting region for your Amazon Web Services. The default region is NORTHERNVIRGINIA.

• Auth Scheme - Select your authentication scheme below to proceed to the relevant section for your scheme. Then fill out the settings as specified in that section.

  • AwsRootKeys
  • AwsEC2Roles
  • AwsIAMRoles
  • ADFS
  • Okta
  • PingFederate
  • AwsMFA
  • AwsTempCredentials
  • AwsCredentialsFile
  • AzureAD

AwsRootKeys

1. For the AwsRootKeys scheme, specify these settings:

   • AWS Access Key - Enter the access key that is associated with your Amazon Web Services (AWS) account. This value is accessible from your AWS security credentials page.

   • AWS Secret Key - Enter the secret key that is associated with your AWS account. This value is accessible from your AWS security credentials page.

2. Enter a value for the Storage Base URL property. This value is the base S3 service URL. Make sure to specify the full URL (for example, http: //127.0.0.1:9000).

3. Complete the remaining steps for establishing your connection.

AwsEC2Roles

1. For the AwsEC2Roles scheme, specify these settings:

   • AWS Role ARN - Enter the Amazon Resource Name (ARN) for the role with which you want to authenticate.

   • AWS External Id - Enter the unique identifier that is required when you assume a role in another account.

2. Enter a value for the Storage Base URL property. This value is the base S3 service URL. Make sure to specify the full URL (for example, http: //127.0.0.1:9000).

3. Complete the remaining steps for establishing your connection.

AwsIAMRoles

1. For the AwsIAMRoles scheme, specify these settings:

   • AWS Access Key - Enter the access key that is associated with your Amazon Web Services (AWS) account. This value is accessible from your AWS security credentials page.

   • AWS Secret Key - Enter the secret key that is associated with your AWS account. This value is accessible from your AWS security credentials page.

   • AWS Role ARN - Enter the Amazon Resource Name (ARN) for the role with which you want to authenticate.

   • AWS External Id - Enter the unique identifier that is required when you assume a role in another account.

2. Enter a value for the Storage Base URL property. This value is the base S3 service URL. Make sure to specify the full URL (for example, http: //127.0.0.1:9000).

3. Complete the remaining steps for establishing your connection.

ADFS

1. For the ADFS scheme, specify these settings:

   • User - Enter the username that you use to authenticate to your ADFS account.

   • Password - Enter the password that you use to authenticate to your ADFS account.

   • SSO Login URL - Enter the login URL that is used by your SSO provider.

   • Use Lake Information - Select True if you want to use lake information. The default setting is False.

   • SSO Properties - Enter the SSO properties (in a comma-separated list) that you want to use.

2. Enter a value for the Storage Base URL property. This value is the base S3 service URL. Make sure to specify the full URL (for example, http: //127.0.0.1:9000).

3. Complete the remaining steps for establishing your connection.

Okta

1. For the Okta scheme, specify these settings:

   • User - Enter the username that you use to authenticate to your Okta account.

   • Password - Enter the password that you use to authenticate to your Okta account.

   • SSO Login URL - Enter the login URL that is used by your SSO provider.

   • Use Lake Information - Select True if you want to use lake information. The default setting is False.

   • SSO Properties - Enter the SSO properties (in a comma-separated list) that you want to use.

2. Enter a value for the Storage Base URL property. This value is the base S3 service URL. Make sure to specify the full URL (for example, http: //127.0.0.1:9000).

3. Complete the remaining steps for establishing your connection.

PingFederate

1. For the PingFederate scheme, specify these settings:

   • User - Enter the username that you use to authenticate to your PingFederate account.

   • Password - Enter the password that you use to authenticate to your PingFederate account.

   • AWS Role ARN - Enter the Amazon Resource Name (ARN) for the role with which you want to authenticate.

   • SSO Login URL - Enter the login URL that is used by your SSO provider.

   • SSO Exchange UrI - Enter the Partner Service Identifier URI that is configured in your PingFederate server instance. The URI is available under SP Connections > SP Connection > WS-Trust > Protocol Settings.

   • Use Lake Information - Select True if you want to use lake information. The default setting is False.

   • AWS Principal ARN - The Amazon Resource Name (ARN) of the Security Assertion Markup Language (SAML) identity provider in your AWS account.

2. Enter a value for the Storage Base URL property. This value is the base S3 service URL. Make sure to specify the full URL (for example, http: //127.0.0.1:9000).

3. Complete the remaining steps for establishing your connection.

AwsMFA

1. For the AwsMFA scheme, specify these settings:

   • AWS Access Key - Enter the access key that is associated with your Amazon Web Services (AWS) account. This value is accessible from your AWS security credentials page.

   • AWS Secret Key - Enter the secret key that is associated with your AWS account. This value is accessible from your AWS security credentials page.

   • AWS Role ARN - Enter the Amazon Resource Name (ARN) for the role with which you want to authenticate.

   • MFA Serial Number - Enter the serial number for your multifactor authentication (MFA) device, if you are using such a device.

   • MFA Token - Enter the temporary token that is available from your MFA device.

   • AWS External Id - Enter the unique identifier that is required when you assume a role in another account.

   • Temporary Token Duration - Enter the temporary token duration that you want for your temporary token. The default duration (in seconds) is 3600.

2. Enter a value for the Storage Base URL property. This value is the base S3 service URL. Make sure to specify the full URL (for example, http: //127.0.0.1:9000).

3. Complete the remaining steps for establishing your connection.

AwsTempCredentials

1. For the AwsTempCredentials scheme, specify these settings:

   • AWS Access Key - Enter the access key that is associated with your Amazon Web Services (AWS) account. This value is accessible from your AWS security credentials page.

   • AWS Secret Key - Enter the secret key that is associated with your AWS account. This value is accessible from your AWS security credentials page.

   • AWS Role ARN - Enter the Amazon Resource Name (ARN) for the role with which you want to authenticate.

   • AWS Session Token - Enter your AWS session token. This token is provided with your temporary credentials. For more information, see AWS Identity and Access Management: User Guide.

   • AWS External Id - Enter the unique identifier that is required when you assume a role in another account.

2. Enter a value for the Storage Base URL property. This value is the base S3 service URL. Make sure to specify the full URL (for example, http: //127.0.0.1:9000).

3. Complete the remaining steps for establishing your connection.

AwsCredentialsFile

1. For the AwsCredentialsFile scheme, specify these settings:

   • AWS Credentials File - Enter the path to the AWS Credentials File that you want to use for authentication.

   • AWS Credentials File Profile - Enter the name of the profile that you want to use from the supplied AWS credentials file.

2. Enter a value for the Storage Base URL property. This value is the base S3 service URL. Make sure to specify the full URL (for example, http: //127.0.0.1:9000).

3. Complete the remaining steps for establishing your connection.