Create buckets IAM policy in AWS

Learn how to create an Identity and Access Management (IAM) policy in your AWS account for the buckets.

Create an IAM policy that gives Databricks read permissions on your Staging bucket and write permissions on your Target bucket. For more information, see the topic Policies and permissions in IAM.
To create a policy:
  1. Log in to the AWS Management Console.
  2. In the search field, enter iam.
  3. In the drop-down list of items, hover over IAM and select Policies.
  4. In the Policies page, select Create Policy.
  5. In the Create policy page, provide the permissions for the policy:
    1. Service: Select the S3 service.
    2. Actions: In the Write access level, select GetObject.
    3. Resources: Select Add ARN and add the Staging bucket name from Create an AWS S3 storage bucket. The object name can be any value.
    4. Select Add.
  6. Select Add more permissions to add a permission block for the Target bucket:
    1. Service: Select the S3 service.
    2. Actions: In the Write access level, select DeleteObject, GetObject, and PutObject.
    3. Resources: Select Add ARN and add the Target bucket name from Create an AWS S3 storage bucket.
    4. Select Add.
  7. Select Next:Tags.
  8. Select Next:Review.
  9. In the Review Policy page, provide the policy details.
    1. Name: Enter a policy name. For example: pm-doc-write.
    2. Description: Enter a description for the policy.
  10. Select Create Policy. For more information, see the topic Creating IAM policies.
For example:
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": "s3:GetObject",
            "Resource": "arn:aws:s3:::stagingbucketname/*"
        },
        {
            "Sid": "VisualEditor1",
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:GetObject",
                "s3:DeleteObject"
            ],
            "Resource": "arn:aws:s3:::targetbucketname/*"
        }
    ]
}
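
A check that a policy document grants exactly what the procedure above calls for, as an added example that is not part of the original documentation. The names `audit_policy` and `EXPECTED` and the `BAD` sample are constructed for illustration; the bucket ARNs are the page's placeholders.

```python
import json
from fnmatch import fnmatchcase

VALID_VERSIONS = {"2012-10-17", "2008-10-17"}  # the only policy versions IAM accepts
# Grants the procedure calls for, lower-cased; bucket names are the page's placeholders.
EXPECTED = {
    "arn:aws:s3:::stagingbucketname/*": {"s3:getobject"},
    "arn:aws:s3:::targetbucketname/*": {"s3:getobject", "s3:putobject", "s3:deleteobject"},
}

def as_list(value):
    """IAM accepts a single value or a list for Statement, Action and Resource."""
    return value if isinstance(value, list) else [value]

def audit_policy(policy_json, expected=EXPECTED):
    """Return findings; an empty list means the policy grants exactly what is expected."""
    policy = json.loads(policy_json)
    findings = []
    if policy.get("Version") not in VALID_VERSIONS:
        findings.append(f"invalid Version {policy.get('Version')!r}")
    granted = {}  # resource ARN -> lower-cased action patterns (action names ignore case)
    for stmt in as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements only narrow access
        if "NotAction" in stmt or "NotResource" in stmt:
            findings.append(f"{stmt.get('Sid')}: NotAction/NotResource allows everything not listed")
            continue
        actions = {a.lower() for a in as_list(stmt.get("Action", []))}
        for resource in as_list(stmt.get("Resource", [])):
            granted.setdefault(resource, set()).update(actions)
    for resource, actions in granted.items():
        if resource not in expected:
            findings.append(f"unexpected resource {resource}")
            continue
        findings += [f"{resource}: extra action {a}" for a in sorted(actions - expected[resource])]
    for resource, wanted in expected.items():
        have = granted.get(resource, set())  # a wildcard such as s3:* covers the wanted action
        findings += [f"{resource}: missing action {w}" for w in sorted(wanted)
                     if not any(fnmatchcase(w, pattern) for pattern in have)]
    return findings

# Constructed sample: invalid Version, wildcard action, bucket-level ARN, no DeleteObject.
BAD = json.dumps({"Version": "2024-10-17", "Statement": [
    {"Sid": "S0", "Effect": "Allow", "Action": "s3:*",
     "Resource": "arn:aws:s3:::stagingbucketname/*"},
    {"Sid": "S1", "Effect": "Allow", "Action": ["s3:PutObject", "s3:GetObject"],
     "Resource": ["arn:aws:s3:::targetbucketname/*", "arn:aws:s3:::targetbucketname"]},
]})
print("\n".join(audit_policy(BAD)))
```

Running the same function over the JSON exported from the Review Policy page before attaching the policy confirms that the Staging bucket stays read-only.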