Amazon S3 connector

Adobe Experience Platform provides native connectivity for cloud providers like AWS, Google Cloud Platform, and Azure. You can bring your data from these systems into Platform.

Cloud storage sources can bring your own data into Platform without the need to download, format, or upload. Ingested data can be formatted as XDM JSON, XDM Parquet, or delimited. Every step of the process is integrated into the Sources workflow. Platform allows you to bring in data from S3 through batches.

IP address allow list

A list of IP addresses must be added to an allow list prior to working with source connectors. Failing to add your region-specific IP addresses to your allow list may lead to errors or non-performance when using sources. See the IP address allow list page for more information.

Naming constraints for files and directories

The following is a list of constraints you must account for when naming your cloud storage file or directory.

  • Directory and file component names cannot exceed 255 characters.
  • Directory and file names cannot end with a forward slash (/). If provided, it will be automatically removed.
  • The following reserved URL characters must be properly escaped: ! ' ( ) ; @ & = + $ , % # [ ]
  • The following characters are not allowed: " \ / : | < > * ?.
  • Illegal URL path characters not allowed. Code points like \uE000, while valid in NTFS filenames, are not valid Unicode characters. In addition, some ASCII or Unicode characters, like control characters (0x00 to 0x1F, \u0081, etc.), are also not allowed. For rules governing Unicode strings in HTTP/1.1 see RFC 2616, Section 2.2: Basic Rules and RFC 3987.
  • The following file names are not allowed: LPT1, LPT2, LPT3, LPT4, LPT5, LPT6, LPT7, LPT8, LPT9, COM1, COM2, COM3, COM4, COM5, COM6, COM7, COM8, COM9, PRN, AUX, NUL, CON, CLOCK$, dot character (.), and two dot characters (…).

Prerequisites prerequisites

To ingest a single directory with S3, you must create an Identity and Access Management (IAM) user for Platform in the S3 console and assign permissions for the following actions:

  • s3:GetObject
  • s3:GetObjectVersion

The following permissions are also required for exploring and testing connectivity:

  • s3:ListAllMyBuckets
  • s3:ListBucket
  • s3:GetBucketLocation

A file path like myBucket/folder/subfolder/subsubfolder/abc.csv may lead you to only access subsubfolder/abc.csv. If you want to access the subfolder, you can specify the bucket parameter in your S3 console as myBucket and the folderPath as folder/subfolder to ensure that file exploration starts at subfolder as opposed to subsubfolder/abc.csv.

Use temporary security credentials to connect Amazon S3

You can connect Amazon S3 with temporary security credentials using the s3SessionToken. This allows you to connect Amazon S3 to Platform without having to create permanent IAM credentials with Amazon Web Services, or provide access to your Amazon S3 bucket to users in untrusted environments.

Temporary security credentials work similarly to regular, long-term access key credentials, except you can configure a shorter expiry date for your temporary credentials. Expirations can be set to a few minutes after activation or up to several hours. Temporary credentials are also not contained with the user. This means that you must request for a new set of temporary credentials, when they expire.

For steps on how to generate your temporary session token, see this AWS document on temporary session tokens

Connect S3 to Platform

The documentation below provides information on how to connect S3 to Adobe Experience Platform using APIs or the user interface:

Using APIs

Using the UI