tS3Connection Standard properties - 7.2

Amazon S3

English (United States)
Talend Big Data
Talend Big Data Platform
Talend Data Fabric
Talend Data Integration
Talend Data Management Platform
Talend Data Services Platform
Talend ESB
Talend MDM Platform
Talend Open Studio for Big Data
Talend Open Studio for Data Integration
Talend Open Studio for ESB
Talend Real-Time Big Data Platform
Talend Studio
Data Governance > Third-party systems > Amazon services (Integration) > Amazon S3 components
Data Quality and Preparation > Third-party systems > Amazon services (Integration) > Amazon S3 components
Design and Development > Third-party systems > Amazon services (Integration) > Amazon S3 components

These properties are used to configure tS3Connection running in the Standard Job framework.

The Standard tS3Connection component belongs to the Cloud family.

The component in this framework is available in all Talend products.

Basic settings

Access Key

The Access Key ID that uniquely identifies an AWS Account. For how to get your Access Key and Access Secret, visit Getting Your AWS Access Keys.

Secret Key

The Secret Access Key, constituting the security credentials in combination with the access Key.

To enter the secret key, click the [...] button next to the secret key field, and then in the pop-up dialog box enter the password between double quotes and click OK to save the settings.

Inherit credentials from AWS role

Select this check box to obtain AWS security credentials from Amazon EC2 instance metadata. To use this option, the Amazon EC2 instance must be started and your Job must be running on Amazon EC2. For more information, see Using an IAM Role to Grant Permissions to Applications Running on Amazon EC2 Instances.

Assume Role

If you temporarily need some access permissions associated to an AWS IAM role that is not granted to your user account, select this check box to assume that role. Then specify the values for the following parameters to create a new assumed role session.

Ensure that access to this role has been granted to your user account by the trust policy associated to this role. If you are not certain about this, ask the owner of this role or your AWS administrator.

  • Role ARN: the Amazon Resource Name (ARN) of the role to assume. You can find this ARN name on the Summary page of the role to be used on your AWS portal, for example, this role ARN could read like am:aws:iam::[aws_account_number]:role/[role_name].

  • Role session name: enter the name you want to use to uniquely identify your assumed role session. This name can contain upper- and lower-case alphanumeric characters with no spaces. You can also include underscores or any of the following characters: =,.@-.

  • Session duration (minutes): the duration (in minutes) for which you want the assumed role session to be active. This duration cannot exceed the maximum duration which your AWS administrator has set.

For an example about an IAM role and its related policy types, see Create and Manage AWS IAM Roles from the AWS documentation.


Specify the AWS region by selecting a region name from the list or entering a region between double quotation marks (e.g. "us-east-1") in the list. For more information about the AWS Region, see Regions and Endpoints.


Select this check box and from the Key type drop-down list displayed, select one of the following three options for encrypting the data on the client-side before sending to Amazon S3. For more information, see Protecting Data Using Client-Side Encryption.
  • KMS-managed customer master key: use a KMS-managed customer master key (CMK) for the client-side data encryption. In the Key field, you need to specify the AWS KMS customer master key ID (CMK ID).

  • Symmetric Master Key: use a symmetric master key (256-bit AES secret key) for the client-side data encryption.

    • Algorithm: select the algorithm associated with the key from the list. By default, there is only one algorithm named AES.

    • Encoding: select the encoding type associated with the key from the list, either Base64 or X509.

    • Key or Key file: specify the key or the path to the file that stores the key.

  • Asymmetric Master Key: use an asymmetric master key (a 1024-bit RSA key pair) for the client-side data encryption.

    • Algorithm: select the algorithm associated with the key from the list. By default, there is only one algorithm named RSA.

    • Public key file: specify the path to the public key file.

    • Private key file: specify the path to the private key file.

Advanced settings

Use a custom region endpoint

Select this check box to use a custom endpoint and in the field displayed, specify the URL of the custom endpoint to be used.

Config client

Select this check box if you want to use customized client configuration other than the default.

Client Parameter: select client parameters from the list.

Value: enter the parameter value.

For related information, go to Client Configuration.

Check S3 Accessibility Leave this check box selected so that the component verifies the credentials to be used for this connection request to S3 before proceeding to further actionst. It is recommended to use the default By Account Owner option for this verification. The By Bucket Configuration option employs an old verification approach which could significantly increase your network load in some circumstances.

Enable Accelerate Mode

Select this check box to enable fast, easy and secure transfers of files over long distances between your client and an S3 bucket. To take it into account, you should enable this acceleration mode on the S3 bucket in advance.

STS Endpoint

Select this check box and in the field displayed, specify the AWS Security Token Service endpoint, for example, sts.amazonaws.com, where session credentials are retrieved from.

This service allows you to request temporary, limited-privilege credentials for the AWS user you authenticate; therefore, you still need to provide the access key and secret key to authenticate the AWS account to be used.

For a list of the STS endpoints you can use, see AWS Security Token Service. For further information about the STS temporary credentials, see Temporary Security Credentials. Both articles are from the AWS documentation.

This check box is available only when the Assume role check box is selected.

tStatCatcher Statistics

Select this check box to collect log data at the component level.

Global Variables


The error message generated by the component when an error occurs. This is an After variable and it returns a string.


Usage rule

As a start component, this component is to be used along with other S3 components.

Dynamic settings

Click the [+] button to add a row in the table and fill the Code field with a context variable to choose your database connection dynamically from multiple connections planned in your Job. This feature is useful when you need to access database tables having the same data structure but in different databases, especially when you are working in an environment where you cannot change your Job settings, for example, when your Job has to be deployed and executed independent of Talend Studio.

Once a dynamic parameter is defined, the Component List box in the Basic settings view becomes unusable.

For examples on using dynamic parameters, see ../reuse/../standard/reading-data-from-databases-through-context-based-dynamic-connect_c.html and ../reuse/../standard/tcontextload_tlogrow-tfileinputdelimited-tmysqlinput_reading-data-from-different-mysql-databases-using-dynamically-loa_standard_component_the-job-in_c.html. For more information on Dynamic settings and context variables, see Talend Studio User Guide.