# Amazon S3 AWS S3 connections let you move files to or from your S3 buckets. ## Add Amazon S3 Connection Create a new Connection and choose AWS S3 for the connection type. Provide a *Connection Label* so you can identify the connection in a list. This matters most when you have more than one connection of the same type, like two S3 buckets used as separate endpoints in the same workflow. ### Bucket Details Enter the name of the bucket to use for the connection. Choose the AWS Region where your bucket resides. ### Credentials Mover uses an Access Key and Secret Key to authenticate requests, following the protocol established by AWS for S3. We recommend using AWS IAM to create an IAM user just for Mover. After generating the IAM User, copy its Access Key and Secret Key to your Connection. ### Advanced Settings If your S3 user policy does not have access to the entire bucket, or is restricted to specific subfolders only, then verification of access to the bucket may fail when testing credentials. Use the advanced setting for *Can these credentials access the root of this remote or are they restricted to a subfolder?* to specify a subfolder that can be used to verify access when testing your credentials. ## Required Permissions for IAM User ### Minimal Permissions for Full Access If you are copying data to this connection, apply a policy to the IAM user to grant it full permissions to the bucket being used. These permissions represent the minimum required for Mover to function correctly with your S3 bucket. To use the below example, replace `` with the 12 digit IAM ID of the user, replace `` with the IAM user name of the user, and replace `` with your bucket name. ``` { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam:::user/" }, "Action": [ "s3:ListBucket", "s3:GetBucketLocation", "s3:PutObject", "s3:PutObjectAcl", "s3:GetObject", "s3:GetObjectAcl", "s3:DeleteObject" ], "Resource": [ "arn:aws:s3:::", "arn:aws:s3:::/*" ] } ] } ``` ### Permissions for Read-Only Access If your S3 bucket is read-only, or if the connection will only be used as a source connection, you can use this S3 user policy to set the IAM user's access to the bucket (replace `` with your bucket name): ``` { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "s3:GetObject", "s3:ListBucket", "s3:GetBucketLocation" ], "Resource": [ "arn:aws:s3:::", "arn:aws:s3:::/path/to/subfolder/*" ] } ] } ``` ## page.vars.VENDOR\_NAME is Case Sensitive Be aware of case sensitivity differences when copying, moving, or syncing files and folders between connections. Copying items from a system which is not case sensitive to another that is case sensitive could result in 1 item being treated as 2 different ones, such as attempting to overwrite `MyFile.txt` with `myfile.txt` . In the other direction, copying from a case sensitive system to another that is not case sensitive can cause files to be overwritten, and folders to have their contents merged, if their case *insensitive* names are a match. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://moverdocs.files.com/connections/amazon-s3.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.