{"metadata":{"image":[],"title":"","description":""},"api":{"url":"","auth":"required","params":[],"settings":"","results":{"codes":[]}},"next":{"description":"","pages":[]},"title":"Attach an Amazon Web Services (AWS) volume","type":"basic","slug":"attach-an-amazon-web-services-aws-volume","excerpt":"","body":"## Overview\n\nAttach a volume for use on the CGC's visual interface. Use this tutorial if your cloud storage provider is Amazon Web Services (AWS). Note that [step 5](#section-step-5-set-up-an-iam-user-or-iam-role-and-enter-its-details) differs depending on the selected authentication method: IAM user or IAM role.\n\nOr, learn more if the storage bucket that you want to attach is hosted on [Google Cloud Storage (GCS)](doc:attach-a-google-cloud-storage-volume).\n\n## Prerequisite\n1. An [Amazon Web Services (AWS)](https://aws.amazon.com/) account.\n2. One or more buckets on this AWS account.\n\n## Step 1: Access the Volumes Dashboard\n1. Click on the **Data** tab of the top navigation bar.\n2. Select **Volumes** from the drop-down menu.\n\n## Step 2: Choose a cloud storage provider\n1. On the Volumes Dashboard, click **+Attach volume**.\n2. Select **Amazon Web Services** as your cloud storage provider.\n\n## Step 3: Provide S3 bucket details\n1. Enter your S3 bucket name, as displayed in the [AWS Management Console](https://console.aws.amazon.com/). \n2. (Optional) Define a new name for the volume created from this S3 bucket on the CGC.\n3. (Optional) Enter a description for your volume.\n4. Select access privileges: choose between **Read only (RO)** and **Read and Write (RW)** permissions.\n5. (Optional) enter a prefix. Learn more about [prefixes](doc:volumes#prefix).\n6. Click **Next**.\n\n## Step 4: Copy the policy\n\nIn this step, copy the policy and use it to create a new custom policy in the [AWS Management Console](https://aws.amazon.com/console/).\n1. Copy the policy from the text box on the CGC.\n2. Go to the [AWS Management Console](https://aws.amazon.com/console/).\n3. In the top menu select **Services** and then choose **IAM**.\n4. In the left navigation menu select **Policies**.\n5. Click **Create policy** and select the **JSON** tab.\n6. Paste the policy you copied from the wizard on the CGC, replacing the existing content.\n7. Click **Review policy** and enter a policy name, e.g. `sb-access-policy` (remember this policy name as you will need to attach it later to IAM user or IAM role).\n8. (Optional) Enter the policy description.\n9. Click **Create policy** to finish process of policy creation.\n\n## Step 5: Set up an IAM user or IAM role and enter its details\n\nAuthentication of the CGC is done through AWS Identity and Access Management (IAM) services and you can choose between two authentication options, [IAM user](#section-step-5a-set-up-an-iam-user) or [IAM role](#section-step-5b-set-up-an-iam-role). Depending on your preferred authentication method, follow the corresponding procedure below:\n\n### Step 5a: Set up an IAM user \n\nFollow these steps to set up an AWS IAM user that you will use to connect an S3 bucket (volume) to the CGC:\n1. In the volume connection wizard on the CGC select **IAM User**.\n2. Go to the [AWS Management Console](https://console.aws.amazon.com/).\n3. In the top menu select **Services** and then choose **IAM**.\n4. In the left navigation menu select **Users**, and then choose **Add user**.\n5. Enter the **User name** for the user you are creating.\n6. In the **Access type** section, select **Programmatic access**.\n7. Click **Next: Permissions**.\n8. In the **Set permissions** section select **Attach existing policies directly**.\n9. Use search bar to find and select the policy you created earlier (e.g. `sb-access-policy`)\n10. Click **Next: Tags**.\n11. (Optional) Add tags to the user. These are key-value pairs that contain additional information about the IAM user and are not necessary for the process of attaching a volume to the CGC.\n12. Click **Next: Review**. The user details screen is displayed. Check once again that all entered information is correct.\n13. Click **Create user**. You will see a message that the user is successfully created.\n14. On the confirmation screen, copy the provided **Access key ID** and **Secret access key** and use them for volume creation on the CGC.\n15. Click **Close**.\n16. On the CGC, enter **Access Key ID** and **Secret Access Key** in the corresponding fields of the volume connection wizard.\n17. Click **Next**.\n\n<a name=\"set-up-iam-role\"></a>\n\n### Step 5b: Set up an IAM role \n\nFollow these steps to create an AWS IAM role that you will use to connect an S3 bucket (volume) to the CGC:\n1. Log in to the [AWS Management Console](https://console.aws.amazon.com/).\n2. In the top menu select **Services** and then choose **IAM**.\n3. In the left navigation menu select **Roles,** and then choose** Create role**.\n4. In the **Select type of trusted entity **section, choose **Another AWS account**.\n5. Enter the following values:\n    * **Account ID**: 100263570800\n    * Check **Require External ID** and enter at least 6 characters (strongly recommended).\n6. Click **Next: Permissions**.\n7. Use the search bar to find and select the policy you created earlier (e.g. `sb-access-policy`)\n8. Click **Next: Tags**.\n9. (Optional) Add tags to the role. These are key-value pairs that contain additional information about the IAM role and are not necessary for the process of attaching a volume to the CGC.\n10. Click **Next: Review**. \n11. Enter **Role name** and its optional description.\n12. Click **Create role **to complete the process of role creation. List of all available roles opens.\n13. Click the name of your newly created role to see the necessary details.\n14. Copy the value of **Role ARN** and paste it in the corresponding field of the volume connection wizard on the CGC.\n15. In the [AWS Management Console](https://console.aws.amazon.com/), under the **Trust relationships** tab click **Edit trust relationship**.\n16. Copy the value of **sts:ExternalId** and paste it in the corresponding field of the volume connection wizard on the CGC.\n17. On the CGC, copy the generated policy from the text box at the bottom of the wizard.\n18. Go back to the [AWS Management Console](https://console.aws.amazon.com/).\n19. Under the **Trust relationships** tab for your IAM role, click **Edit trust relationship** and replace the **Policy Document** with the copied policy.\n20. Click **Update Trust Policy** to save the update.\n21. On the CGC, click **Next** in the volume connection wizard.\n\n## Step 6: Configure additional options\n\nIn this tab, you have the option to configure the endpoint, [server-side encryption](https://docs.aws.amazon.com/AmazonS3/latest/dev/serv-side-encryption.html), and AWS Canned ACL.\n\n## Step 7: Review volume details\n\nOn this tab, review the details for your volume and click **Connect**.\n\n## Next step\n\nCongratulations! You've attached your volume to the CGC. You can make individual data objects within it available as \"aliases\" on the CGC. Aliases point to files stored on your cloud storage bucket and can be copied, executed, and organized like normal files on the CGC. We call this operation \"importing\". Learn more about [working with aliases](doc:aliases).","updates":[],"order":11,"isReference":false,"hidden":false,"sync_unique":"","link_url":"","link_external":false,"_id":"5928923e32b10a0f0042aca4","category":{"sync":{"isSync":false,"url":""},"pages":[],"title":"CONNECT CLOUD STORAGE","slug":"connect-cloud-storage","order":28,"from_sync":false,"reference":false,"_id":"5785191af3a10c0e009b75b0","version":"55faf11ba62ba1170021a9aa","__v":0,"project":"55faf11ba62ba1170021a9a7","createdAt":"2016-07-12T16:21:46.337Z"},"__v":0,"githubsync":"","createdAt":"2017-05-26T20:38:22.403Z","project":"55faf11ba62ba1170021a9a7","user":"5613e4f8fdd08f2b00437620","version":{"version":"1.0","version_clean":"1.0.0","codename":"","is_stable":true,"is_beta":true,"is_hidden":false,"is_deprecated":false,"categories":["55faf11ca62ba1170021a9ab","55faf8f4d0e22017005b8272","55faf91aa62ba1170021a9b5","55faf929a8a7770d00c2c0bd","55faf932a8a7770d00c2c0bf","55faf94b17b9d00d00969f47","55faf958d0e22017005b8274","55faf95fa8a7770d00c2c0c0","55faf96917b9d00d00969f48","55faf970a8a7770d00c2c0c1","55faf98c825d5f19001fa3a6","55faf99aa62ba1170021a9b8","55faf99fa62ba1170021a9b9","55faf9aa17b9d00d00969f49","55faf9b6a8a7770d00c2c0c3","55faf9bda62ba1170021a9ba","5604570090ee490d00440551","5637e8b2fbe1c50d008cb078","5649bb624fa1460d00780add","5671974d1b6b730d008b4823","5671979d60c8e70d006c9760","568e8eef70ca1f0d0035808e","56d0a2081ecc471500f1795e","56d4a0adde40c70b00823ea3","56d96b03dd90610b00270849","56fbb83d8f21c817002af880","573c811bee2b3b2200422be1","576bc92afb62dd20001cda85","5771811e27a5c20e00030dcd","5785191af3a10c0e009b75b0","57bdf84d5d48411900cd8dc0","57ff5c5dc135231700aed806","5804caf792398f0f00e77521","58458b4fba4f1c0f009692bb","586d3c287c6b5b2300c05055","58ef66d88646742f009a0216","58f5d52d7891630f00fe4e77","59a555bccdbd85001bfb1442","5a2a81f688574d001e9934f5","5b080c8d7833b20003ddbb6f","5c222bed4bc358002f21459a","5c22412594a2a5005cc9e919","5c41ae1c33592700190a291e","5c8a525e2ba7b2003f9b153c","5cbf14d58c79c700ef2b502e","5db6f03a6e187c006f667fa4","5f894c7d3b0894006477ca01"],"_id":"55faf11ba62ba1170021a9aa","releaseDate":"2015-09-17T16:58:03.490Z","createdAt":"2015-09-17T16:58:03.490Z","project":"55faf11ba62ba1170021a9a7","__v":47},"parentDoc":null}

Attach an Amazon Web Services (AWS) volume


## Overview Attach a volume for use on the CGC's visual interface. Use this tutorial if your cloud storage provider is Amazon Web Services (AWS). Note that [step 5](#section-step-5-set-up-an-iam-user-or-iam-role-and-enter-its-details) differs depending on the selected authentication method: IAM user or IAM role. Or, learn more if the storage bucket that you want to attach is hosted on [Google Cloud Storage (GCS)](doc:attach-a-google-cloud-storage-volume). ## Prerequisite 1. An [Amazon Web Services (AWS)](https://aws.amazon.com/) account. 2. One or more buckets on this AWS account. ## Step 1: Access the Volumes Dashboard 1. Click on the **Data** tab of the top navigation bar. 2. Select **Volumes** from the drop-down menu. ## Step 2: Choose a cloud storage provider 1. On the Volumes Dashboard, click **+Attach volume**. 2. Select **Amazon Web Services** as your cloud storage provider. ## Step 3: Provide S3 bucket details 1. Enter your S3 bucket name, as displayed in the [AWS Management Console](https://console.aws.amazon.com/).  2. (Optional) Define a new name for the volume created from this S3 bucket on the CGC. 3. (Optional) Enter a description for your volume. 4. Select access privileges: choose between **Read only (RO)** and **Read and Write (RW)** permissions. 5. (Optional) enter a prefix. Learn more about [prefixes](doc:volumes#prefix). 6. Click **Next**. ## Step 4: Copy the policy In this step, copy the policy and use it to create a new custom policy in the [AWS Management Console](https://aws.amazon.com/console/). 1. Copy the policy from the text box on the CGC. 2. Go to the [AWS Management Console](https://aws.amazon.com/console/). 3. In the top menu select **Services** and then choose **IAM**. 4. In the left navigation menu select **Policies**. 5. Click **Create policy** and select the **JSON** tab. 6. Paste the policy you copied from the wizard on the CGC, replacing the existing content. 7. Click **Review policy** and enter a policy name, e.g. `sb-access-policy` (remember this policy name as you will need to attach it later to IAM user or IAM role). 8. (Optional) Enter the policy description. 9. Click **Create policy** to finish process of policy creation. ## Step 5: Set up an IAM user or IAM role and enter its details Authentication of the CGC is done through AWS Identity and Access Management (IAM) services and you can choose between two authentication options, [IAM user](#section-step-5a-set-up-an-iam-user) or [IAM role](#section-step-5b-set-up-an-iam-role). Depending on your preferred authentication method, follow the corresponding procedure below: ### Step 5a: Set up an IAM user  Follow these steps to set up an AWS IAM user that you will use to connect an S3 bucket (volume) to the CGC: 1. In the volume connection wizard on the CGC select **IAM User**. 2. Go to the [AWS Management Console](https://console.aws.amazon.com/). 3. In the top menu select **Services** and then choose **IAM**. 4. In the left navigation menu select **Users**, and then choose **Add user**. 5. Enter the **User name** for the user you are creating. 6. In the **Access type** section, select **Programmatic access**. 7. Click **Next: Permissions**. 8. In the **Set permissions** section select **Attach existing policies directly**. 9. Use search bar to find and select the policy you created earlier (e.g. `sb-access-policy`) 10. Click **Next: Tags**. 11. (Optional) Add tags to the user. These are key-value pairs that contain additional information about the IAM user and are not necessary for the process of attaching a volume to the CGC. 12. Click **Next: Review**. The user details screen is displayed. Check once again that all entered information is correct. 13. Click **Create user**. You will see a message that the user is successfully created. 14. On the confirmation screen, copy the provided **Access key ID** and **Secret access key** and use them for volume creation on the CGC. 15. Click **Close**. 16. On the CGC, enter **Access Key ID** and **Secret Access Key** in the corresponding fields of the volume connection wizard. 17. Click **Next**. <a name="set-up-iam-role"></a> ### Step 5b: Set up an IAM role  Follow these steps to create an AWS IAM role that you will use to connect an S3 bucket (volume) to the CGC: 1. Log in to the [AWS Management Console](https://console.aws.amazon.com/). 2. In the top menu select **Services** and then choose **IAM**. 3. In the left navigation menu select **Roles,** and then choose** Create role**. 4. In the **Select type of trusted entity **section, choose **Another AWS account**. 5. Enter the following values: * **Account ID**: 100263570800 * Check **Require External ID** and enter at least 6 characters (strongly recommended). 6. Click **Next: Permissions**. 7. Use the search bar to find and select the policy you created earlier (e.g. `sb-access-policy`) 8. Click **Next: Tags**. 9. (Optional) Add tags to the role. These are key-value pairs that contain additional information about the IAM role and are not necessary for the process of attaching a volume to the CGC. 10. Click **Next: Review**.  11. Enter **Role name** and its optional description. 12. Click **Create role **to complete the process of role creation. List of all available roles opens. 13. Click the name of your newly created role to see the necessary details. 14. Copy the value of **Role ARN** and paste it in the corresponding field of the volume connection wizard on the CGC. 15. In the [AWS Management Console](https://console.aws.amazon.com/), under the **Trust relationships** tab click **Edit trust relationship**. 16. Copy the value of **sts:ExternalId** and paste it in the corresponding field of the volume connection wizard on the CGC. 17. On the CGC, copy the generated policy from the text box at the bottom of the wizard. 18. Go back to the [AWS Management Console](https://console.aws.amazon.com/). 19. Under the **Trust relationships** tab for your IAM role, click **Edit trust relationship** and replace the **Policy Document** with the copied policy. 20. Click **Update Trust Policy** to save the update. 21. On the CGC, click **Next** in the volume connection wizard. ## Step 6: Configure additional options In this tab, you have the option to configure the endpoint, [server-side encryption](https://docs.aws.amazon.com/AmazonS3/latest/dev/serv-side-encryption.html), and AWS Canned ACL. ## Step 7: Review volume details On this tab, review the details for your volume and click **Connect**. ## Next step Congratulations! You've attached your volume to the CGC. You can make individual data objects within it available as "aliases" on the CGC. Aliases point to files stored on your cloud storage bucket and can be copied, executed, and organized like normal files on the CGC. We call this operation "importing". Learn more about [working with aliases](doc:aliases).