> For the complete documentation index, see [llms.txt](https://upsolver.gitbook.io/content/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://upsolver.gitbook.io/content/reference-1/sql-commands/connections/create-connection/amazon-s3.md). # Amazon S3 To read from and write to your Amazon S3 buckets in Upsolver, you must first create a connection that provides the appropriate credentials to access your buckets. {% hint style="info" %} Note that when you integrate Upsolver with your AWS account, there is an S3 connection created by default, but you may still want to create your own connection for specific access configurations. See the guide to [Deploy Upsolver on AWS](/content/how-to-guides-1/setup/deploy-upsolver-on-aws.md) for more information. {% endhint %} ## Syntax ```sql CREATE S3 CONNECTION [ { AWS_ROLE = '' EXTERNAL_ID = '' | AWS_ACCESS_KEY_ID = '' AWS_SECRET_ACCESS_KEY = '' } ] [ PATH_DISPLAY_FILTER[S] = { '' | ('' [, ...]) } ] [ READ_ONLY = { TRUE | FALSE } ] [ { ENCRYPTION_KMS_KEY = '' ] | ENCRYPTION_CUSTOMER_MANAGED_KEY = '' } ] [ COMMENT = '' ]; ``` #### Jump to * [`AWS_ROLE`](#aws_role-editable) * [`EXTERNAL_ID`](#external_id-editable) * [`AWS_ACCESS_KEY_ID`](#aws_access_key_id-editable) * [`AWS_SECRET_ACCESS_KEY`](#aws_secret_access_key-editable) * [`PATH_DISPLAY_FILTER[S]`](#path_display_filter-s-editable) * [`READ_ONLY`](#read_only) * [`ENCRYPTION_KMS_KEY`](#encryption_kms_key-editable) * [`ENCRYPTION_CUSTOMER_MANAGED_KEY`](#encryption_customer_managed_key-editable) * [`COMMENT`](#comment-editable) ## Connection options #### `AWS_ROLE` — editable Type: `text` (Optional) The AWS IAM role ARN. Used in conjunction with [`EXTERNAL_ID`](#external_id-editable). If omitted, the role created when integrating Upsolver with the AWS account is used. To learn how to provide a role with the proper credentials, see: [Configure access to S3](broken://pages/bVlM4P2rXm1cE5JNpJpZ) #### `EXTERNAL_ID` — editable Type: `text` (Optional) The external ID of the role to assume. Used in conjunction with [`AWS_ROLE`](#aws_role-editable). If omitted, the role created when integrating Upsolver with the AWS account is used. #### `AWS_ACCESS_KEY_ID` — editable Type: `text` (Optional) The AWS access key ID. Used in conjunction with [`AWS_SECRET_ACCESS_KEY`](#aws_secret_access_key). If omitted, the role created when integrating Upsolver with the AWS account is used. #### `AWS_SECRET_ACCESS_KEY` — editable Type: `text` (Optional) The AWS secret key corresponding to the provided [`AWS_ACCESS_KEY_ID`](#aws_access_key_id). If omitted, the role created when integrating Upsolver with the AWS account is used. #### `PATH_DISPLAY_FILTER[S]` — editable Type: `text | list` (Optional) A single path or the list of paths to show. If not provided, all buckets are shown. Paths should be provided in the following format: `s3://bucket/prefix`. This shows anything beginning with the given prefix. To filter by a specific folder, use the following format: `s3://bucket/folder-path/` #### `READ_ONLY` — editable Type: `Boolean` Default: `false` (Optional) Whether or not the connection is read-only. When `true`, Upsolver is not able to write data to or delete data from, the bucket. #### `ENCRYPTION_KMS_KEY` — editable Type: `text` (Optional) The ARN of the KMS key to use. If omitted, uses the default encryption defined on the bucket in AWS. #### `ENCRYPTION_CUSTOMER_MANAGED_KEY` — editable Type: `text` (Optional) The Base64 text representation of the encryption key to use. If omitted, uses the default encryption defined on the bucket in AWS. #### `COMMENT` — editable Type: `text` (Optional) A description or comment regarding this connection. ## Examples #### Minimum example ```sql CREATE S3 CONNECTION my_s3_connection; ``` {% hint style="info" %} This example uses the default credentials from Upsolver's integration with AWS. See the guide to [Deploy Upsolver on AWS](/content/how-to-guides-1/setup/deploy-upsolver-on-aws.md) for more information. {% endhint %} #### Full example ```sql CREATE S3 CONNECTION s3_example AWS_ROLE = 'arn:aws:iam::123456789012:role/upsolver-sqlake-role' PATH_DISPLAY_FILTERS = ('s3://bucket1/', 's3://bucket2/folder-path/') READ_ONLY = TRUE ENCRYPTION_KMS_KEY = 'arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab' COMMENT = 'My new S3 connection'; ``` --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter: ``` GET https://upsolver.gitbook.io/content/reference-1/sql-commands/connections/create-connection/amazon-s3.md?ask=&goal= ``` `ask` is the immediate question: it should be specific, self-contained, and written in natural language. `goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.