Amazon S3

Amazon Simple Storage Service (Amazon S3) is an object storage service that offers industry-leading scalability, data availability, security, and performance.

watsonx.data on IBM Software Hub

watsonx.data Developer edition

If you select Amazon S3 from the Storage section, configure the following details:

Field	Description
Display name	Enter the name to be displayed.
Bucket name	Enter the name of your existing bucket.
S3 access point topology	Select the type of S3 endpoint to use: Regional endpoint - Use a standard regional S3 endpoint for your bucket. Global access point (MRAP) - Use an Amazon S3 Multi-Region Access Point (MRAP) for global access to your data across multiple AWS regions.
Region	Select the region where the storage is available.
Endpoint	Enter the Endpoint URL. For example, `https://s3.us-west-2.amazonaws.com` .
MRAP ARN	Enter the Amazon Resource Name (ARN) of your Multi-Region Access Point. The format of the value is `arn:aws:S3::<AWS_ACCOUNT_ID>:accesspoint/MultiRegionAccessPoint_<alias>` Note: This field appears only when Global access point (MRAP) is selected.
Endpoint	Enter the endpoint URL. For Regional endpoint, the format of the value is `https://S3.<region>.amazonaws.com`. For Global access point (MRAP), the format of the value is `https://<mrap-alias>.accesspoint.s3-global.amazonaws.com`.
Authentication Mode	You can select one of the following authentication methods: HMAC credentials: Select this method to use access key and secret key as the authentication mechanism. IAM Role: Select this method to use AWS Security Token Service (STS) that offer enhanced security compared to access and secret keys.
Access key	Enter your Access key.
Secret key	Enter your Secret key.
Role ARN	The Amazon Resource Names (ARNs) uniquely identify AWS resources based on IAM role, which is an AWS identity with specific permission. Enter the value in the format `arn:aws:iam::<AWS_ACCOUNT_ID>:role/<ROLE_NAME>`. To generate Role ARN, see Configuration required to retrieve Role ARN.
Connection status	Click the Test connection link to test the storage connection. If the bucket connection is successful, a success message appears.
Input method Note: This field is available only when use of secrets from an external vault (HashiCorp) is configured for your connections and also if you selected Authentication Mode as HMAC credentials.	Choose the credential input method: Enter credential manually Use secret from vault To use secrets from an external vault, select the Use secret from vault option and complete the following steps: Click Select secret. Select one or more secrets and click Select.
Access key Secret key	If you are using secrets from vault, then select the Access key and Secret key from the respective drop-down lists. Otherwise, enter your Access key and Secret key in the respective fields.
Console UI Designate this bucket as the ACL store	Console UI Use the toggle switch to designate this bucket as the ACL store. If you enable the toggle switch,An Enable Access Control List (ACL)? dialog appears, Click Enable. Note: This feature applies to watsonx.data Premium. For more information on how to use this feature, see Governance through Access Controlled Lists (ACL). If you enable the toggle switch, the Associate catalog option is selected by default, with the Apache Iceberg data source per-selected. You cannot choose a different catalog for ACLs. You can designate only one storage as the ACL store per instance. After a storage is designated, this option will no longer be visible or available.
Console UI Associate catalog	Console UI Select the checkbox to associate a catalog to the data source. This catalog is automatically associated with your data source and serves as your query interface with the data stored within.
Catalog type / Type	Console UI Catalog type: Select the catalog type from the list. The recommended catalog is Apache Iceberg. The other option for catalog is Apache Hive. Platform UI Type: Select the database type from the list. The recommended database is Apache Iceberg. The other option for database is Apache Hive.
Catalog name / Name	Console UI Catalog name: Enter the name of the catalog. Platform UI Name: Enter the name of the database associated with your data source. The database serves as your query interface with the data stored within.
Base path (optional) Note: This field appears only when you select Apache Iceberg as the data source.	Enter the base path for the catalog in the object storage. This allows you to associate multiple Iceberg data sources with a single storage. Note: You cannot share a storage between Iceberg and non-Iceberg data sources.
Associate	Click Associate to create the storage.