S3 API requirements for Starburst Enterprise

Starburst Enterprise platform (SEP) requires a specific set of Amazon S3 API actions to read from and write to object storage. Use the following as the minimum required IAM permission set when configuring access to S3 or S3-compatible storage.

Required S3 actions

{
  "Effect": "Allow",
  "Action": [
    "s3:AbortMultipartUpload",
    "s3:DeleteObject",
    "s3:GetObject",
    "s3:ListAllMyBuckets",
    "s3:ListBucket",
    "s3:PutObject",
    "s3:PutObjectTagging"
  ],
  "Resource": "*"
}

These actions have been validated against general table reads and writes in SEP. Granting only these actions follows the principle of least privilege and is the recommended approach for production deployments.

Note

S3-compatible object storage vendors seeking to validate compatibility with SEP should ensure their platform supports all of the actions listed above. See Object storage extensions for a list of validated third-party providers.