# Amazon S3
Amazon S3 (opens new window) is a web service offered by Amazon Web Services, that provides scalable and highly flexible cloud storage through web services interfaces.
# Use cases
Integrate the Amazon S3 connector with your business applications to automate data storage and retrieval. You can streamline file transfers, synchronize databases, and ensure secure, scalable data management. Explore our use cases to discover how you can optimize your S3 workflows:
- Sync data between Amazon S3 and SQL Server to automate database updates and file transfers.
# API version
The Amazon S3 connector uses Amazon S3 REST API, version 2006-03-01 (opens new window).
# How to connect to Amazon S3 on Workato
The Amazon S3 connector uses the AWS Signature Version 4 (opens new window) to authenticate to Amazon S3. There are two ways to connect:
- Using Access Key
- Using IAM role
ACCESS KEY LEGACY AUTHENTICATION
Access key authentication is a legacy authentication format and we highly recommend IAM role authentication.
IAM ROLE AUTHENTICATION
We recommend that you provision a dedicated integration role for this Workato connection. A dedicated integration role helps maintain permission boundaries, including controlled access and actions that are permitted by the third-party application, for example, Workato.
Refer to the Amazon documentation to the following documentation for more information about IAM role authentication in Workato:
- Use IAM role-based authentication for AWS Services in the Workato documentation.
- Create an IAM user in your AWS account (opens new window) in the Amazon documentation.
# Permissions
The following permissions are required to use all of the Amazon S3 connector's triggers and actions. You must configure, at minimum, the S3:ListAllMyBuckets permission to create a connection to Amazon S3.
| Action | Role | 
|---|---|
| Create connection | S3:ListAllMyBuckets | 
| Create bucket | S3:CreateBucket | 
| Delete file/folder | S3:DeleteObject,S3:ListAllMyBuckets | 
| Download file contents | S3:ListAllMyBuckets,S3:GetObject | 
| Generate resigned URL | S3:GetObject | 
| Get bucket location | S3:GetBucketLocation | 
| List files in bucket | S3:ListBucket,S3:ListAllMyBuckets | 
| Upload file | S3:PutObject,S3:ListAllMyBuckets | 
| Upload file streaming | S3:PutObject,S3:ListAllMyBuckets | 
| All triggers | S3:ListBucket,S3:ListAllMyBuckets | 
| Use S3 as an audit log streaming destination | S3:ListAllMyBuckets,S3:PutObject | 
# IAM role ARN authentication
For this authentication method, you must provide the IAM role ARN (opens new window).
Complete the steps in Use IAM role-based authentication for AWS Services to get the required IAM role Amazon Resource Name (ARN).
# Complete IAM role ARN setup in Workato
Refer to Use IAM role-based authentication for AWS Services for more information IAM authentication.
Complete the following steps to finish setting up your Amazon S3 connection in Workato:
Click Create > Connection.
Search for and select Amazon S3 as your connection in the New connection page.
Provide a name for your connection in the Connection name field.
Use the Location drop-down menu to select the project where you plan to store the connection.
Select your Connection type from the drop-down menu.
Use the Authorization type drop-down menu to select IAM role.
Enter the IAM role ARN.
WORKATO UNIQUE EXTERNAL ID
Workato generates a unique external id for every Workato user. This external ID must be provided when creating an IAM role in S3. For example, workato-user-84762.
Navigate to Workspace Admin > Settings > Security > AWS IAM in your workspace to get the external ID.
Enter the bucket to restrict this connection to in the Restrict to bucket field. This is required when the user has limited s3:ListBucket (opens new window) access.
Enter the Region of the S3 account you plan to use.
Enter the number of Download threads to boost download speed. The default is 1 and the maximum
m is 20.
Click Connect
# Retrieve access key information
DEPRECATED
Access key authentication is deprecated. Workato recommends using IAM role authentication.
This authentication method requires an access key. Refer to the Amazon documentation (opens new window) to get the required access key information.
# Complete access key setup in Workato
Complete the following steps to finish setting up your Amazon S3 access key in Workato:
Search for and select Amazon S3 as your connection on the New connection page.
Enter a name for your connection in the Connection name field.
Use the Location drop-down menu to select the project or folder where you plan to store the connection.
Use the Connection type drop-down menu to select the type of connection you plan to use.
Use the Authorization type drop-down menu to select Access key.
Enter the Access key ID.
Enter the Secret access key.
Enter the bucket to restrict this connection to in the Restrict to bucket field. This is required when the user has limited s3:ListBucket (opens new window) access.
Enter the Region of the S3 account you are using.
Enter the number of Download threads to boost download speed. The default is 1 and the maximum
m is 20.
Click Connect.
 Last updated: 6/5/2025, 9:49:27 PM