...
Code Block |
---|
{ "Statement": [ { "Action": [ "s3:ListBucket*", "s3:GetBucketLocation" ], "Effect": "Allow", "Resource": "arn:aws:s3:::thisisthenameofmybucket", "Principal": { "AWS": "325565585839" } }, { "Action": [ "s3:GetObject", "s3:PutObject", "s3:DeleteObject", "s3:AbortMultipartUpload" ], "Effect": "Allow", "Resource": "arn:aws:s3:::thisisthenameofmybucket/*", "Principal": { "AWS": "325565585839" } } ] } |
For read-write permissions, to register the bucket with Synapse, you also need to create an object that proves to the Synapse service that you own this bucket. This can be done by creating a file named owner.txt that contains a line or comma separated list of user identifiers that are allowed to register and upload to the bucket. Valid user identifiers are a numeric Synapse user ID or the numeric ID of a team that you are a member of.
...
The ID of the user or the team can be obtained by navigating to the user profile or to the team page. The ID is the numeric value shown in the browser URL bar after the Profile: or Team: prefixes.
...
Code Block |
---|
{ "Statement": [ { "Action": [ "s3:ListBucket*", "s3:GetBucketLocation" ], "Effect": "Allow", "Resource": "arn:aws:s3:::synapse-share.yourcompany.com", "Principal": { "AWS": "325565585839" } }, { "Action": [ "s3:GetObject*", "s3:*MultipartUpload*" ], "Effect": "Allow", "Resource": "arn:aws:s3:::synapse-share.yourcompany.com/*", "Principal": { "AWS": "325565585839" } } ] } |
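The following added example (not part of the Synapse documentation) is a simplified evaluator that lists which S3 actions the read-only policy above allows for the Synapse principal. The probe list, the object key and the helper names are constructed for illustration; Deny, Condition and NotAction handling are out of scope.

```python
import json
from fnmatch import fnmatchcase

SYNAPSE_ACCOUNT = "325565585839"  # principal used in the page's policies
BUCKET = "synapse-share.yourcompany.com"

# Read-only bucket policy copied from the page.
READ_ONLY_POLICY = json.loads("""
{ "Statement": [
  { "Action": ["s3:ListBucket*", "s3:GetBucketLocation"], "Effect": "Allow",
    "Resource": "arn:aws:s3:::synapse-share.yourcompany.com",
    "Principal": {"AWS": "325565585839"} },
  { "Action": ["s3:GetObject*", "s3:*MultipartUpload*"], "Effect": "Allow",
    "Resource": "arn:aws:s3:::synapse-share.yourcompany.com/*",
    "Principal": {"AWS": "325565585839"} } ] }
""")

# Constructed probe list: S3 actions to test against the policy.
PROBES = ["s3:ListBucket", "s3:GetBucketLocation", "s3:GetObject",
          "s3:GetObjectVersion", "s3:PutObject", "s3:DeleteObject",
          "s3:AbortMultipartUpload", "s3:ListMultipartUploadParts",
          "s3:PutBucketPolicy", "s3:DeleteBucket"]

def _as_list(value):
    return value if isinstance(value, list) else [value]

def allows(policy, account, action, resource):
    """True if an Allow statement covers (account, action, resource).
    Assumption: only Effect, Principal, Action and Resource are evaluated."""
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        aws = ["*"] if principal == "*" else _as_list(principal.get("AWS", []))
        if not any(p in ("*", account, f"arn:aws:iam::{account}:root") for p in aws):
            continue
        # IAM action names are case-insensitive; resource ARNs are not.
        if not any(fnmatchcase(action.lower(), a.lower()) for a in _as_list(stmt["Action"])):
            continue
        if any(fnmatchcase(resource, r) for r in _as_list(stmt["Resource"])):
            return True
    return False

def allowed_actions(policy, account, bucket, probes):
    """Probe actions allowed on the bucket ARN or on an object inside it."""
    bucket_arn = f"arn:aws:s3:::{bucket}"
    object_arn = f"{bucket_arn}/example-key"  # constructed object key
    return sorted(a for a in probes if allows(policy, account, a, bucket_arn)
                  or allows(policy, account, a, object_arn))

if __name__ == "__main__":
    print(allowed_actions(READ_ONLY_POLICY, SYNAPSE_ACCOUNT, BUCKET, PROBES))
```

The result shows that the `s3:*MultipartUpload*` wildcard in the read-only policy also covers `s3:AbortMultipartUpload`, while `s3:PutObject` and `s3:DeleteObject` stay denied.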
...
Instructions:
Download the CF template.
Use the AWS Command Line or AWS Console to execute the template which will automatically provision the bucket.
...
Navigate to your project or folder of interest, then select Tools, and Change Storage Location. In the resulting pop-up, select the Amazon S3 Bucket option and fill in the relevant information, where Bucket is the name of your external bucket, the optional Base Key is the name of the folder in your bucket to upload to, and Banner is a short description such as who owns the storage location:
...
Select the newly created bucket and click the Permissions tab.
Select the Add members button and enter the member synapse-svc-prod@uplifted-crow-246820.iam.gserviceaccount.com. This is Synapse’s service account. Give the account the permissions Storage Legacy Bucket Reader and Storage Object Viewer for read permission. To allow Synapse to upload files, additionally grant the Storage Legacy Bucket Writer permission.
For read-write permissions, to register the bucket with Synapse, you also need to create an object that proves to the Synapse service that you own this bucket. This can be done by creating a file named owner.txt that contains a line or comma separated list of user identifiers that are allowed to register the bucket and uploading it to your bucket. Valid user identifiers are: a Synapse user ID or the ID of a team that you are a member of.
...
The ID of the user or the team can be obtained by navigating to the user profile or to the team page. The ID is the numeric value shown in the browser URL bar after the Profile: or Team: prefixes.
...
You can upload the file with the Google Cloud Platform Console, or using the command line gsutil application.
...
Info |
---|
Note: Files in an external bucket will not be automatically added to Synapse. |
...