Skip to content

S3 Manage AWS S3 assets

Operations on S3 assets (connections, buckets, objects).

In general, these should be:

  • Created in top-down order (connection, then bucket, then object)
  • Deleted in bottom-up order (objects, then buckets, then connections)1
erDiagram
  Connection ||--o{ S3Bucket : contains
  S3Bucket ||--o{ S3Object : contains

Asset structure

Connection

An AWS S3 connection requires a name and qualifiedName. For creation, specific settings are also required to distinguish it as an AWS S3 connection rather than another type of connection. In addition, at least one of adminRoles, adminGroups, or adminUsers must be provided.

Create an S3 connection
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
String adminRoleGuid = RoleCache.getIdForName("$admin"); // (1)
Connection connection = Connection.creator( // (2)
                "aws-s3-connection", // (3)
                AtlanConnectorType.S3, // (4)
                List.of(adminRoleGuid), // (5)
                List.of("group2"), // (6)
                List.of("jsmith")) // (7)
        .build();
AssetMutationResponse response = connection.upsert(); // (8)
String connectionQualifiedName = response.getCreatedAssets().get(0).getQualifiedName(); // (9)
  1. Retrieve the GUID for the admin role, to use later for defining the roles that can administer the connection.
  2. Build up the minimum request to create a connection.
  3. Provide a human-readable name for your connection, such as production or development.
  4. Set the type of connection to S3.
  5. List the workspace roles that should be able to administer the connection (or null if none). All users with that workspace role (current and future) will be administrators of the connection. Note that the values here need to be the GUID(s) of the workspace role(s). At least one of adminRoles, adminGroups, or adminUsers must be provided.
  6. List the group names that can administer this connection (or null if none). All users within that group (current and future) will be administrators of the connection. Note that the values here are the name(s) of the group(s). At least one of adminRoles, adminGroups, or adminUsers must be provided.
  7. List the user names that can administer this connection (or null if none). Note that the values here are the username(s) of the user(s). At least one of adminRoles, adminGroups, or adminUsers must be provided.
  8. Actually call Atlan to create the connection.
  9. Retrieve the qualifiedName for use in subsequent creation calls. (You'd probably want to do some null checking first.)

Coming soon

POST /api/meta/entity/bulk
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
{
  "entities": [
    {
      "typeName": "Connection", // (1)
      "attributes": {
        "name": "aws-s3-connection", // (2)
        "connectorName": "s3", // (3)
        "qualifiedName": "default/s3/123456789", // (4)
        "category": "ObjectStore", // (5)
        "adminRoles": [ // (6)
          "e7ae0295-c60a-469a-bd2c-fb903943aa02"
        ],
        "adminGroups": [ // (7)
          "group2"
        ],
        "adminUsers": [ // (8)
          "jsmith"
        ]
      }
    }
  ]
}
  1. The typeName must be exactly Connection.
  2. Human-readable name for your connection, such as production or development.
  3. The connectorName must be exactly s3.
  4. The qualifiedName should follow the pattern: default/s3/<epoch>, where <epoch> is the time in milliseconds at which the connection is being created.
  5. The category must be ObjectStore.
  6. List any workspace roles that can administer this connection. All users with that workspace role (current and future) will be administrators of the connection. Note that the values here need to be the GUID(s) of the workspace role(s). At least one of adminRoles, adminGroups, or adminUsers must be provided.
  7. List any groups that can administer this connection. All users within that group (current and future) will be administrators of the connection. Note that the values here are the name(s) of the group(s). At least one of adminRoles, adminGroups, or adminUsers must be provided.
  8. List any users that can administer this connection. Note that the values here are the username(s) of the user(s). At least one of adminRoles, adminGroups, or adminUsers must be provided.

Access policies

Atlan creates the policies that grant access to a connection, including the ability to retrieve the connection and to create assets within it, asynchronously. It can take several seconds (even up to approximately 30 seconds) before these are in place after creating the connection.

You may therefore need to wait before you'll be able to create the assets below within the connection.

To confirm access, retrieve the connection after it has been created. The SDKs' retry loops will automatically retry until the connection can be successfully retrieved. At that point, your API token has permission to create the other assets.

Note: if you are reusing an existing connection rather than creating one via your API token, you must give your API token a persona that has access to that connection. Otherwise all attempts to create, read, update, or delete assets within that connection will fail due to a lack of permissions.

S3Bucket

An AWS S3 bucket requires a name and a qualifiedName. For creation, you also need to specify the connectionQualifiedName of the connection for the bucket, and a unique awsArn.

Create an S3 bucket
11
12
13
14
15
16
17
S3Bucket s3Bucket = S3Bucket.creator( // (1)
                "mybucket", // (2)
                connectionQualifiedName, // (3)
                "arn:aws:s3:::mybucket") // (4)
        .build();
AssetMutationResponse response = s3Bucket.upsert(); // (5)
String bucketQualifiedName = response.getCreatedAssets().get(0).getQualifiedName(); // (6)
  1. Build up the minimum request to create a bucket.
  2. Provide a human-readable name for your bucket.
  3. Provide the qualifiedName of the connection for this bucket.
  4. Provide the unique ARN from AWS for this bucket.
  5. Actually call Atlan to create the bucket.
  6. Retrieve the qualifiedName for use in subsequent creation calls. (You'd probably want to do some null checking first.)

Coming soon

POST /api/meta/entity/bulk
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
{
  "entities": [
    {
      "typeName": "S3Bucket", // (1)
      "attributes": {
        "name": "mybucket", // (2)
        "awsArn": "arn:aws:s3:::mybucket", // (3)
        "qualifiedName": "default/s3/123456789/arn:aws:s3:::mybucket", // (4)
        "connectionQualifiedName": "default/s3/123456789", // (5)
        "connectorName": "s3" // (6)
      }
    }
  ]
}
  1. The typeName must be exactly S3Bucket.
  2. Human-readable name for your bucket.
  3. The awsArn should be the unique ARN from AWS for this bucket.
  4. The qualifiedName should follow the pattern: default/s3/<epoch>/<awsArn>, where default/s3/<epoch> is the qualifiedName of the connection for this bucket and <awsArn> is the unique ARN for this bucket.
  5. The connectionQualifiedName must be the exact qualifiedName of the connection for this bucket.
  6. The connectorName must be exactly s3.

S3Object

An AWS S3 object requires a name and a qualifiedName. For creation, you also need to specify the connectionQualifiedName of the connection for the object, and a unique awsArn. You should also specify the bucket the object is in, along with its s3BucketName and s3BucketQualifiedName.

Create an S3 object
18
19
20
21
22
23
24
25
26
S3Object s3Object = S3Object.creator( // (1)
                "myobject.csv", // (2)
                connectionQualifiedName, // (3)
                "arn:aws:s3:::mybucket/prefix/myobject.csv") // (4)
        .s3BucketName("mybucket") // (5)
        .s3BucketQualifiedName(bucketQualifiedName) // (6)
        .bucket(S3Bucket.refByQualifiedName(bucketQualifiedName)) // (7)
        .build();
AssetMutationResponse response = s3Object.upsert(); // (8)
  1. Build up the minimum request to create an object.
  2. Provide a human-readable name for your object.
  3. Provide the qualifiedName of the connection for this object.
  4. Provide the unique ARN from AWS for this object.
  5. Provide the human-readable name of the bucket this object is in.
  6. Provide the qualifiedName of the bucket this object is in.
  7. Create a reference to the bucket this object is in, using its qualifiedName. Note: the bucket must already exist in Atlan before creating the object.
  8. Actually call Atlan to create the object.

Coming soon

POST /api/meta/entity/bulk
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
{
  "entities": [
    {
      "typeName": "S3Object", // (1)
      "attributes": {
        "name": "myobject.csv", // (2)
        "awsArn": "arn:aws:s3:::mybucket/prefix/myobject.csv", // (3)
        "qualifiedName": "default/s3/123456789/arn:aws:s3:::mybucket/prefix/myobject.csv", // (4)
        "connectionQualifiedName": "default/s3/123456789", // (5)
        "connectorName": "s3", // (6)
        "bucket": { // (7)
          "typeName": "S3Bucket", // (8)
          "uniqueAttributes": { // (9)
            "qualifiedName": "default/s3/123456789/arn:aws:s3:::mybucket"
          }
        },
        "s3BucketName": "mybucket", // (10)
        "s3BucketQualifiedName": "default/s3/123456789/arn:aws:s3:::mybucket" // (11)
      }
    }
  ]
}
  1. The typeName must be exactly S3Object.
  2. Human-readable name for your object.
  3. The awsArn should be the unique ARN from AWS for this object.
  4. The qualifiedName should follow the pattern: default/s3/<epoch>/<awsArn>, where default/s3/<epoch> is the qualifiedName of the connection for this object and <awsArn> is the unique ARN for this object.
  5. The connectionQualifiedName must be the exact qualifiedName of the connection for this object.
  6. The connectorName must be exactly s3.
  7. The bucket in which this object exists is embedded in the bucket attribute.
  8. The typeName for this embedded reference must be S3Bucket.
  9. To complete the reference, you must include a uniqueAttributes object with the qualifiedName of the bucket. Note: the bucket must already exist in Atlan before creating the object.
  10. The s3BucketName should be the human-readable name of the bucket.
  11. The s3BucketQualifiedName should be the qualifiedName of the bucket.

Available relationships

Every level of the object store structure is an Asset, and can therefore be related to the following other assets.

erDiagram
  Asset }o--o{ AtlasGlossaryTerm : meanings
  Asset ||--o{ Link : links
  Asset ||--o| Readme : readme
  Asset }o--o{ Process : inputToProcesses
  Asset }o--o{ Process : outputFromProcesses

AtlasGlossaryTerm

A glossary term provides meaning to an asset. The link terms to assets snippet provides more detail on setting this relationship.

A link provides additional context to an asset, by providing a URL to additional information.

Readme

A README provides rich documentation for an asset. The add asset READMEs snippet provides more detail on setting this relationship.

Process

A process provides lineage information for an asset. An asset can be both an input and an output for one or more processes. The lineage snippets provide more detail on creating and working with lineage.

  1. Although if you want to delete everything in a connection, your better avenue is the packaged connection delete utility in the UI.