|
| 1 | +# Tinybird Versions - Create new S3 Data Source |
| 2 | + |
| 3 | +- [Optional] If you don't have any connection created, first you need to create a new one from the main Workspace. You can use the CLI, it's a guided process. |
| 4 | + |
| 5 | +``` |
| 6 | +tb auth # use the main Workspace admin token |
| 7 | +tb connection create s3_iamrole |
| 8 | +
|
| 9 | +[1] Log into your AWS Console |
| 10 | +
|
| 11 | +Press y to continue: y |
| 12 | +
|
| 13 | +[2] Go to IAM > Policies. Create a new policy with the following permissions. Please, replace <bucket> with your bucket name: |
| 14 | +
|
| 15 | +{ |
| 16 | + "Version": "2012-10-17", |
| 17 | + "Statement": [ |
| 18 | + { |
| 19 | + "Effect": "Allow", |
| 20 | + "Action": [ |
| 21 | + "s3:GetBucketLocation", |
| 22 | + "s3:ListBucket" |
| 23 | + ], |
| 24 | + "Resource": "arn:aws:s3:::dev-alrocar" |
| 25 | + }, |
| 26 | + { |
| 27 | + "Effect": "Allow", |
| 28 | + "Action": [ |
| 29 | + "s3:GetObject", |
| 30 | + "s3:PutObject", |
| 31 | + "s3:PutObjectAcl" |
| 32 | + ], |
| 33 | + "Resource": "arn:aws:s3:::dev-alrocar/*" |
| 34 | + } |
| 35 | + ] |
| 36 | +} |
| 37 | +
|
| 38 | +(The policy has been copied to your clipboard) |
| 39 | +
|
| 40 | +Press y to continue: y |
| 41 | +
|
| 42 | +[3] Go to IAM > Roles. Create a new IAM Role using the following custom trust policy and attach the access policy you just created in the previous step: |
| 43 | +
|
| 44 | +{ |
| 45 | + "Version": "2012-10-17", |
| 46 | + "Statement": [ |
| 47 | + { |
| 48 | + "Effect": "Allow", |
| 49 | + "Action": "sts:AssumeRole", |
| 50 | + "Principal": { |
| 51 | + "AWS": "arn:aws:iam::<id>:root" |
| 52 | + }, |
| 53 | + "Condition": { |
| 54 | + "StringEquals": { |
| 55 | + "sts:ExternalId": "<external_id>" |
| 56 | + } |
| 57 | + } |
| 58 | + } |
| 59 | + ] |
| 60 | +} |
| 61 | +
|
| 62 | +(The policy has been copied to your clipboard) |
| 63 | +
|
| 64 | +Press y to continue: y |
| 65 | +Enter the ARN of the role you just created: arn:aws:iam::<id>:role/create_s3_datasource |
| 66 | +Enter the region where the bucket is located: eu-north-1 |
| 67 | +Enter the name for this connection: create-s3-datasource |
| 68 | +
|
| 69 | +** create-s3-datasource.connection created successfully! Connection details saved in your connection file. |
| 70 | +** Info associated with this connection: |
| 71 | +** External ID: <external_id> |
| 72 | +** Role ARN: arn:aws:iam::<id>:role/create_s3_datasource |
| 73 | +``` |
| 74 | + |
| 75 | + |
| 76 | +[Step 1 PR](https://github.com/tinybirdco/use-case-examples/pull/329) |
| 77 | + |
| 78 | +- Create a new branch |
| 79 | +- Create a new S3 Data Source using the connection create in the step above or any other connection you want to use from the main Workspace |
| 80 | + ```sql |
| 81 | + SCHEMA > |
| 82 | + `t` String |
| 83 | + |
| 84 | + ENGINE MergeTree |
| 85 | + ENGINE_SORTING_KEY t |
| 86 | + |
| 87 | + IMPORT_SERVICE s3_iamrole |
| 88 | + IMPORT_CONNECTION_NAME create-s3-datasource |
| 89 | + IMPORT_BUCKET_URI s3://dev-alrocar/folder1/*.csv |
| 90 | + IMPORT_STRATEGY append |
| 91 | + IMPORT_SCHEDULE @on-demand |
| 92 | + ``` |
| 93 | +- Commit and wait for CI. You can check in the temporary CI branch that everything works as expected. Note S3 Data Sources do not run in branches, so if you want to run some test you need to use [fixtures](https://www.tinybird.co/docs/production/implementing-test-strategies#fixture-tests) |
| 94 | +- Merge and wait for CD. |
| 95 | +- [Optionally] Run `tb datasource sync <datasource_name>` to force sync and populate the new Data Source. |
| 96 | +
|
| 97 | +[Internal Workspace](https://app.tinybird.co/gcp/europe-west3/create_s3_ds) |
0 commit comments