docs/reference/search-connectors/es-connectors-s3.md
The Elastic S3 connector is a connector for Amazon S3 data sources.
This connector is available as a self-managed connector. This self-managed connector is compatible with Elastic versions 8.6.0+. To use this connector, satisfy all self-managed connector requirements.
To create a new Amazon S3 connector:
You can use the {{es}} Create connector API to create a new self-managed Amazon S3 self-managed connector.
For example:
PUT _connector/my-s3-connector
{
"index_name": "my-elasticsearch-index",
"name": "Content synced from Amazon S3",
"service_type": "s3"
}
% TEST[skip:can’t test in isolation]
:::::{dropdown} You’ll also need to create an API key for the connector to use.
::::{note}
The user needs the cluster privileges manage_api_key, manage_connector and write_connector_secrets to generate API keys programmatically.
::::
To create an API key for the connector:
Run the following command, replacing values where indicated. Note the encoded return values from the response:
POST /_security/api_key
{
"name": "connector_name-connector-api-key",
"role_descriptors": {
"connector_name-connector-role": {
"cluster": [
"monitor",
"manage_connector"
],
"indices": [
{
"names": [
"index_name",
".search-acl-filter-index_name",
".elastic-connectors*"
],
"privileges": [
"all"
],
"allow_restricted_indices": false
}
]
}
}
}
Update your config.yml file with the API key encoded value.
:::::
Refer to the {{es}} API documentation for details of all available Connector APIs.
To use this connector as a self-managed connector, see Self-managed connectors.
For additional operations, see Connectors UI in {{kib}}.
S3 users will also need to Create an IAM identity
Users need to create an IAM identity to use this connector as a self-managed connector. Refer to the AWS documentation.
The policy associated with the IAM identity must have the following AWS permissions:
ListAllMyBucketsListBucketGetBucketLocationGetObjectCurrently the connector does not support S3-compatible vendors.
The following configuration fields are required to set up the connector:
buckets
: List of S3 bucket names. * will fetch data from all buckets. Examples:
* `testbucket, prodbucket`
* `testbucket`
* `*`
::::{note} This field is ignored when using advanced sync rules.
::::
aws_access_key_id
: Access Key ID for the AWS identity that will be used for bucket access.
aws_secret_access_key
: Secret Access Key for the AWS identity that will be used for bucket access.
read_timeout
: The read_timeout for Amazon S3. Default value is 90.
connect_timeout
: Connection timeout for crawling S3. Default value is 90.
max_attempts
: Maximum retry attempts. Default value is 5.
page_size
: Page size for iterating bucket objects in Amazon S3. Default value is 100.
You can deploy the Amazon S3 connector as a self-managed connector using Docker. Follow these instructions.
::::{dropdown} Step 1: Download sample configuration file Download the sample configuration file. You can either download it manually or run the following command:
curl https://raw.githubusercontent.com/elastic/connectors/main/app/connectors_service/config.yml.example --output ~/connectors-config/config.yml
% NOTCONSOLE
Remember to update the --output argument value if your directory name is different, or you want to use a different config file name.
::::
::::{dropdown} Step 2: Update the configuration file for your self-managed connector Update the configuration file with the following settings to match your environment:
elasticsearch.hostelasticsearch.api_keyconnectorsIf you’re running the connector service against a Dockerized version of Elasticsearch and Kibana, your config file will look like this:
# When connecting to your cloud deployment you should edit the host value
elasticsearch.host: http://host.docker.internal:9200
elasticsearch.api_key: <ELASTICSEARCH_API_KEY>
connectors:
-
connector_id: <CONNECTOR_ID_FROM_KIBANA>
service_type: s3
api_key: <CONNECTOR_API_KEY_FROM_KIBANA> # Optional. If not provided, the connector will use the elasticsearch.api_key instead
Using the elasticsearch.api_key is the recommended authentication method. However, you can also use elasticsearch.username and elasticsearch.password to authenticate with your Elasticsearch instance.
Note: You can change other default configurations by simply uncommenting specific settings in the configuration file and modifying their values.
::::
::::{dropdown} Step 3: Run the Docker image Run the Docker image with the Connector Service using the following command:
docker run \
-v ~/connectors-config:/config \
--network "elastic" \
--tty \
--rm \
docker.elastic.co/integrations/elastic-connectors:{{version.stack}} \
/app/bin/elastic-ingest \
-c /config/config.yml
::::
Refer to DOCKER.md in the elastic/connectors repo for more details.
Find all available Docker images in the official registry.
::::{tip}
We also have a quickstart self-managed option using Docker Compose, so you can spin up all required services at once: Elasticsearch, Kibana, and the connectors service. Refer to this README in the elastic/connectors repo for more information.
::::
::::{note}
::::
Basic sync rules are identical for all connectors and are available by default.
::::{note} A full sync is required for advanced sync rules to take effect.
::::
Advanced sync rules are defined through a source-specific DSL JSON snippet.
Use advanced sync rules to filter data to be fetched from Amazon S3 buckets. They take the following parameters:
bucket: S3 bucket the rule applies to.extension (optional): Lists which file types to sync. Defaults to syncing all types.prefix (optional): String of prefix characters. The connector will fetch file and folder data that matches the string. Defaults to "" (syncs all bucket objects).$$$es-connectors-s3-client-sync-rules-advanced-examples$$$ Advanced sync rules examples
Fetching files and folders recursively by prefix
Example: Fetch files/folders in folder1/docs.
[
{
"bucket": "bucket1",
"prefix": "folder1/docs"
}
]
% NOTCONSOLE
Example: Fetch files/folder starting with folder1.
[
{
"bucket": "bucket2",
"prefix": "folder1"
}
]
% NOTCONSOLE
Fetching files and folders by specifying extensions
Example: Fetch all objects which start with abc and then filter using file extensions.
[
{
"bucket": "bucket2",
"prefix": "abc",
"extension": [".txt", ".png"]
}
]
% NOTCONSOLE
See Content extraction.
The connector framework enables operators to run functional tests against a real data source. Refer to Connector testing for more details.
To execute a functional test for the Amazon S3 self-managed connector, run the following command:
make ftest NAME=s3
By default, this will use a medium-sized dataset. To make the test faster add the DATA_SIZE=small argument:
make ftest NAME=s3 DATA_SIZE=small
There are no known issues for this connector.
See Known issues for any issues affecting all connectors.
See Troubleshooting.
See Security.
This connector is built with the Elastic connector framework.
View the source code for this connector (branch main, compatible with Elastic 9.0).