Amazon S3
AWS S3 connections let you move files to or from your S3 buckets.
Add Amazon S3 Connection
Create a new Connection and choose AWS S3 for the connection type.
Provide a Connection Label so you can identify the connection in a list. This is especially important if you need more than one connection of the same type, such as moving data between two different S3 Buckets.
Bucket Details
Enter the name of the bucket to use for the connection.
Choose the AWS Region where your bucket resides.
Credentials
Mover uses an Access Key and Secret Key to authenticate requests, following the protocol established by AWS for S3. We recommend using AWS IAM to create an IAM user just for Mover.
After generating the IAM User, copy its Access Key and Secret Key to your Connection.
Advanced Settings
If your S3 user policy does not have access to the entire bucket, or is restricted to specific subfolders only, then verification of access to the bucket may fail when testing credentials.
Use the advanced setting "Can these credentials access the root of this remote or are they restricted to a subfolder?" to specify a subfolder that can be used to verify access when testing your credentials.
Required Permissions for IAM User
Minimal Permissions for Full Access
If you are copying data to this connection, apply a policy to the IAM user to grant it full permissions to the bucket being used. These permissions represent the minimum required for Mover to function correctly with your S3 bucket.
To use the example below, replace <Your IAM User ID> with the 12-digit IAM ID of the user, replace <Your IAM User Name> with the IAM user name of the user, and replace <bucketname> with your bucket name.
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::<Your IAM User ID>:user/<Your IAM User Name>"
            },
            "Action": [
                "s3:ListBucket",
                "s3:GetBucketLocation",
                "s3:PutObject",
                "s3:PutObjectAcl",
                "s3:GetObject",
                "s3:GetObjectAcl",
                "s3:DeleteObject"
            ],
            "Resource": [
                "arn:aws:s3:::<bucketname>",
                "arn:aws:s3:::<bucketname>/*"
            ]
        }
    ]
}
Permissions for Read-Only Access
If your S3 bucket is read-only, or if the connection will only be used as a source connection, you can use this S3 user policy to set the IAM user's access to the bucket (replace <bucketname> with your bucket name):
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:GetObject",
                "s3:ListBucket",
                "s3:GetBucketLocation"
            ],
            "Resource": [
                "arn:aws:s3:::<bucketname>",
                "arn:aws:s3:::<bucketname>/path/to/subfolder/*"
            ]
        }
    ]
}
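One way to check that a policy used for Mover has not grown beyond the two policies above, as an added example that is not part of Mover's documentation or tooling. It flags wildcard actions, actions outside the documented set, resources outside the bucket, and anonymous principals; the function name audit_policy, the bucket name example-bucket and the sample policy are assumptions constructed for illustration.

```python
import json

# Action sets copied from the two policies on this page (lowercased for comparison).
FULL_ACCESS = {"s3:listbucket", "s3:getbucketlocation", "s3:putobject",
               "s3:putobjectacl", "s3:getobject", "s3:getobjectacl",
               "s3:deleteobject"}
READ_ONLY = {"s3:getobject", "s3:listbucket", "s3:getbucketlocation"}


def _as_list(value):
    """IAM accepts a single value wherever it accepts a list."""
    return value if isinstance(value, list) else [] if value is None else [value]


def audit_policy(policy_json, bucket, allowed=FULL_ACCESS):
    """Return findings for Allow statements broader than the documented set."""
    findings = []
    bucket_arn = f"arn:aws:s3:::{bucket}"
    statements = _as_list(json.loads(policy_json).get("Statement"))
    for n, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue
        for key in ("NotAction", "NotResource", "NotPrincipal"):
            if key in stmt:  # Allow + Not* grants everything except the listed items
                findings.append(f"statement {n}: Allow with {key}")
        for action in _as_list(stmt.get("Action")):
            if "*" in action or "?" in action:
                findings.append(f"statement {n}: wildcard action {action}")
            elif action.lower() not in allowed:
                findings.append(f"statement {n}: extra action {action}")
        for res in _as_list(stmt.get("Resource")):
            if res != bucket_arn and not res.startswith(bucket_arn + "/"):
                findings.append(f"statement {n}: resource outside bucket {res}")
        principal = stmt.get("Principal")
        aws = principal.get("AWS") if isinstance(principal, dict) else principal
        if "*" in _as_list(aws):
            findings.append(f"statement {n}: anonymous principal")
    return findings


# Constructed sample: a policy that has drifted from the documented one.
SAMPLE = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": "*",
    "Action": ["s3:GetObject", "s3:PutBucketPolicy", "s3:*"],
    "Resource": ["arn:aws:s3:::example-bucket/*", "arn:aws:s3:::*"]}]})

if __name__ == "__main__":
    for finding in audit_policy(SAMPLE, "example-bucket"):
        print(finding)
```

Pass allowed=READ_ONLY when auditing a source-only connection, so that write and delete actions are reported as extras.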
Amazon S3 is Case Sensitive
Be aware of case sensitivity differences when copying, moving, or syncing files and folders between connections. Copying items from a system which is not case sensitive to another that is case sensitive could result in 1 item being treated as 2 different ones, such as attempting to overwrite MyFile.txt with myfile.txt.
In the other direction, copying from a case sensitive system to another that is not case sensitive can cause files to be overwritten, and folders to have their contents merged, if their case insensitive names are a match.