Amazon S3 Bucket Access
Styra DAS requires configuration of an AWS User and an Amazon S3 bucket in order for Styra DAS to securely access Amazon S3. Styra DAS supports Amazon S3 and S3 compatible bucket systems. Amazon S3 buckets can be utilized in Amazon S3 data sources, bundle registry, decision log, and activity log exporters.
The S3 buckets are configured from the following data elements:
- Bucket URL. For example:
- Custom endpoint or S3 compatible system endpoint. For example:
- Region. For example:
- Access key ID
- Secret access key
The Styra DAS UI hides the URL
curl --request POST \
--url ''$DAS_TENANT'/v1/workspace/s3/verify-config' \
--header 'authorization: Bearer '$DAS_WORKSPACE_TOKEN'' \
--header 'content-type: application/json' \
Secure AWS S3 bucket access
Secure Amazon S3 bucket access through the AWS IAM Management Console or the Amazon S3 Manager.
Use AWS IAM Management Console
Perform the following steps to create new user, setup permissions, and collect the access keys.
styra-storage are used as illustrations and can be changed to follow any enterprise naming conventions.
Create a new AWS user
styraand select Access key - Programmatic access.
StyraAccesspermissions policy and select Create policy to start the new permissions policy editor.
Setup permissions policy secure access
Add a policy for each S3 bucket or S3 bucket folder to grant DAS access to. To constrain access to a specific folder, change the resource to
arn:aws:s3:::styra-storage/foldername/*.Sample Permissions Policy
StyraAccesspermissions to the user.
Save the created user's security credentials.
Save the user's Access key ID and Secret access key for later use when configuring DAS S3 components.
Use Amazon S3 Manager
Perform the following S3 storage actions:
Create an S3 bucket.
Create a bucket retention policy.
The Styra DAS decision and activity exporters may write large amounts of files to the S3 bucket, based on decision and user activity log volume. These files do not have a defined retention period by default. Add a bucket retention policy to archive, move, or delete files based on your organization's data retention policies.