
© 2025 Tellius

Connecting to Amazon S3

A step-by-step guide to connect with Amazon S3


Last updated 4 months ago


This documentation provides a step-by-step guide on how to connect to Amazon S3 from Tellius.

Prerequisites

  • An Amazon Web Services (AWS) account

  • AWS Access Key ID and Secret Access Key

  • Tellius credentials

How to get AWS access key ID and secret access key

  1. Navigate to the IAM console at https://console.aws.amazon.com/iam/.

  2. From the navigation menu, select Users.

  3. Click on your specific IAM username (avoid clicking the checkbox).

  4. Under the Security credentials tab, select Create access key.

  5. Click Show to reveal your new access key. The key pair should look like this:

  • Access key ID: <ACCESS_KEY_ID>

  • Secret access key: <SECRET_ACCESS_KEY>

  6. To save the key pair, click Download .csv file and keep the file in a secure place.

If a secret access key is misplaced, it cannot be retrieved, and a new key pair must be created.

How to connect with S3 from Tellius

Key-based access

To connect with Amazon S3 for the first time,

  1. Navigate to Data → Connect → Create new → Amazon S3.

  2. Provide the following details:

  • AWS Access Key - Enter the access key ID that was generated in the previous step.

  • AWS Secret Key - Enter the secret access key that was generated in the previous step.

  • S3 Bucket - Provide the Amazon S3 bucket name (globally unique name).

  • AWS Region - Choose the region from the dropdown. Locations may differ depending on the type of Cloud.

  • Datasource Name - Provide the name of the datasource.

  3. Click on Save and Browse Host to proceed. The connection details will be saved.

To connect with Amazon S3 using an already existing datasource,

  1. Enable Use validated datasource connection details to use the details of the connections already established.

  2. A new field Select Datasource gets added.

  3. Click the dropdown to select from the list of already available connections.

  4. Based on the datasource selected, the fields will be auto-populated.

  5. Click on Browse Host to proceed.

Note: The dataset name can contain only letters, numbers, and underscores. It cannot begin with numbers or underscores or contain special characters, symbols, or spaces.

Role-based access

Role-based access control (RBAC) in AWS for Amazon S3 allows you to configure Tellius to securely access an S3 bucket without the need for access or secret keys. This approach is recommended and provides a secure way to access AWS resources.

To enable RBAC, you first need to identify the role associated with the nodes where Tellius is deployed.

EKS

If you are using EKS, the worker nodes of your EKS cluster will have an associated role. You can access this information using the EKS page on the AWS Console.

Standalone

Once you have identified the role associated with the Tellius deployment nodes, follow these steps to grant access to an S3 bucket:

  1. Sign in to the AWS Management Console and open the IAM console.

  2. In the navigation pane, select Policies and then click on the Create policy button.

  3. On the Create policy page, select the JSON tab to enter the policy document in JSON format.

  4. Enter the following JSON policy document, which provides read-only access to the S3 bucket:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:ListBucket"
            ],
            "Resource": "arn:aws:s3:::YOUR_BUCKET_NAME"
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:Get*",
                "s3:List*"
            ],
            "Resource": [
                "arn:aws:s3:::YOUR_BUCKET_NAME",
                "arn:aws:s3:::YOUR_BUCKET_NAME/*"
            ]
        }
    ]
}
  5. Replace "YOUR_BUCKET_NAME" with the actual name of the S3 bucket to which you want to grant access. This policy allows the IAM role to perform "Get" and "List" actions on objects within the specified bucket.

  6. Click on the Review policy button to proceed.

  7. Provide a name and description for the policy, and review the policy summary.

  8. Click on the Create policy button to create the IAM policy.

  9. Once the policy is created, you can attach it to the IAM role associated with Tellius. To do this, navigate to the IAM Roles page, select the desired role, click on the Attach policies button, search for and select the policy you just created, and then click the Attach policy button.

Enhanced role-based access with detailed policy permissions

To provide more granular and easier-to-understand control over S3 access, here is an extended sample policy with an explanation of each of its attributes:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": "s3:GetBucketLocation",
            "Resource": "arn:aws:s3:::*"
        },
        {
            "Sid": "VisualEditor1",
            "Effect": "Allow",
            "Action": "s3:ListAllMyBuckets",
            "Resource": "arn:aws:s3:::*"
        },
        {
            "Sid": "VisualEditor2",
            "Effect": "Allow",
            "Action": [
                "s3:Get*",
                "s3:List*"
            ],
            "Resource": [
                "arn:aws:s3:::<BUCKET_NAME>/*",
                "arn:aws:s3:::<BUCKET_NAME>"
            ]
        }
    ]
}

Explanation

  • VisualEditor0 Statement:

    • Purpose: Grants permission to retrieve the location of the S3 bucket.

    • Effect: Decision attribute. Specifies whether the policy statement results in an allow or an explicit deny for the specified actions.

    • Action: "s3:GetBucketLocation". Returns the region the bucket resides in.

    • Resource: Targets all S3 buckets.

  • VisualEditor1 Statement:

    • Purpose: Allows the listing of all S3 buckets.

    • Action: "s3:ListAllMyBuckets". Lists all buckets owned by the authenticated sender of the request.

    • Resource: Targets all S3 buckets.

  • VisualEditor2 Statement:

    • Purpose: Provides permission to get (read) and list (view) all objects and their metadata within a specified S3 bucket.

    • Action: "s3:Get*" and "s3:List*". These wildcard actions grant permissions for all Get and List related actions respectively.

    • Resource: Specifies which S3 bucket the actions apply to. Replace <BUCKET_NAME> with the actual name of your S3 bucket.

ARN stands for Amazon Resource Name. It is a unique identifier assigned to resources within the Amazon Web Services (AWS) ecosystem. An ARN provides a standardized format for identifying and referencing AWS resources across different services and accounts. ARNs are structured as follows:

arn:aws:service:region:account-id:resource-type/resource-name

  • arn: This is the prefix that indicates it is an ARN.

  • aws:service: This specifies the AWS service that the resource belongs to, such as s3 for Amazon S3, ec2 for Amazon EC2, or lambda for AWS Lambda.

  • region: This indicates the AWS region where the resource is located, such as us-east-1 or eu-west-2.

  • account-id: This is the unique identifier for the AWS account that owns the resource.

  • resource-type/resource-name: These components vary depending on the service and resource being referenced. They identify the specific resource within the service.

By following these steps, you can configure Tellius to securely access the designated S3 bucket using the appropriate role-based access control.

When implementing this policy, ensure that the networking components, such as firewalls or VPC settings, do not block the connections required by these permissions. This is vital to ensure seamless access to the specified S3 resources.
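Before attaching a policy to the Tellius node role, it is worth checking that it really is limited to Get and List actions on the intended bucket. The script below is an added example, not part of the Tellius documentation or product; the function names, the bucket name example-bucket and both sample policies are constructed for illustration, and it assumes statements use Action/Resource rather than NotAction/NotResource.

```python
READ_PREFIXES = ("s3:get", "s3:list")    # action families a read-only S3 policy needs
ACCOUNT_LEVEL = {"s3:listallmybuckets"}  # not bucket-scoped, so a wildcard resource is expected

def as_list(value):
    """IAM lets Statement/Action/Resource be a single item or a list."""
    return [value] if isinstance(value, (str, dict)) else list(value)

def is_read_only(action):
    """True only if the literal text before any wildcard already pins Get or List."""
    literal = action.lower().split("*")[0].split("?")[0]
    return literal.startswith(READ_PREFIXES)

def in_bucket(resource, bucket):
    """True for the bucket ARN itself or any object ARN beneath it."""
    arn = f"arn:aws:s3:::{bucket}"
    return resource == arn or resource.startswith(arn + "/")

def audit(policy, bucket):
    """Return (sid, problem, value) findings for every Allow statement."""
    findings = []
    for i, stmt in enumerate(as_list(policy["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", f"statement[{i}]")
        actions = as_list(stmt.get("Action", []))
        findings += [(sid, "write-capable action", a) for a in actions if not is_read_only(a)]
        if all(a.lower() in ACCOUNT_LEVEL for a in actions):
            continue  # account-level listing cannot be narrowed to one bucket
        findings += [(sid, "resource outside bucket", r)
                     for r in as_list(stmt.get("Resource", [])) if not in_bucket(r, bucket)]
    return findings

# Constructed sample policies (not taken from any real account).
SCOPED = {"Version": "2012-10-17", "Statement": [
    {"Sid": "ListBuckets", "Effect": "Allow", "Action": "s3:ListAllMyBuckets",
     "Resource": "arn:aws:s3:::*"},
    {"Sid": "Read", "Effect": "Allow", "Action": ["s3:Get*", "s3:List*"],
     "Resource": ["arn:aws:s3:::example-bucket/*", "arn:aws:s3:::example-bucket"]}]}
BROAD = {"Version": "2012-10-17", "Statement": [
    {"Sid": "Objects", "Effect": "Allow", "Action": ["s3:*"],
     "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"]},
    {"Sid": "Location", "Effect": "Allow", "Action": "s3:GetBucketLocation",
     "Resource": "arn:aws:s3:::*"}]}

if __name__ == "__main__":
    for name, policy in (("SCOPED", SCOPED), ("BROAD", BROAD)):
        print(name, audit(policy, "example-bucket"))
```

An empty result means every allowed action is a Get or List call confined to the named bucket; any finding should be resolved before the policy is attached to the role.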

If you have a standalone setup where Tellius is deployed directly on AWS EC2 instances, follow the steps for attaching an IAM role to an EC2 instance.
