Struct google_storagetransfer1::api::AwsS3Data
source · pub struct AwsS3Data {
pub aws_access_key: Option<AwsAccessKey>,
pub bucket_name: Option<String>,
pub cloudfront_domain: Option<String>,
pub credentials_secret: Option<String>,
pub path: Option<String>,
pub role_arn: Option<String>,
}
Expand description
An AwsS3Data resource can be a data source, but not a data sink. In an AwsS3Data resource, an object’s name is the S3 object’s key name.
This type is not used in any activity, and only used as part of another schema.
Fields§
§aws_access_key: Option<AwsAccessKey>
Input only. AWS access key used to sign the API requests to the AWS S3 bucket. Permissions on the bucket must be granted to the access ID of the AWS access key. For information on our data retention policy for user credentials, see User credentials.
bucket_name: Option<String>
Required. S3 Bucket name (see Creating a bucket).
cloudfront_domain: Option<String>
Optional. Cloudfront domain name pointing to this bucket (as origin), to use when fetching. Format: https://{id}.cloudfront.net
or any valid custom domain https://...
credentials_secret: Option<String>
Optional. The Resource name of a secret in Secret Manager. AWS credentials must be stored in Secret Manager in JSON format: { “access_key_id”: “ACCESS_KEY_ID”, “secret_access_key”: “SECRET_ACCESS_KEY” } GoogleServiceAccount must be granted roles/secretmanager.secretAccessor
for the resource. See [Configure access to a source: Amazon S3] (https://cloud.google.com/storage-transfer/docs/source-amazon-s3#secret_manager) for more information. If credentials_secret
is specified, do not specify role_arn or aws_access_key. This feature is in preview. Format: projects/{project_number}/secrets/{secret_name}
path: Option<String>
Root path to transfer objects. Must be an empty string or full path name that ends with a ‘/’. This field is treated as an object prefix. As such, it should generally not begin with a ‘/’.
role_arn: Option<String>
The Amazon Resource Name (ARN) of the role to support temporary credentials via AssumeRoleWithWebIdentity
. For more information about ARNs, see IAM ARNs. When a role ARN is provided, Transfer Service fetches temporary credentials for the session using a AssumeRoleWithWebIdentity
call for the provided role using the GoogleServiceAccount for this project.