AWS S3 Recipes

Using AWS IAM — Identity and Access Management roles

For EC2 instance, there is an option to configure an IAM role:

Role shall contain a policy with permissions like:

    "Version": "2012-10-17",
    "Statement": [
            "Sid": "allow-put-and-get",
            "Effect": "Allow",
            "Action": [
            "Resource": "arn:aws:s3:::BUCKET_NAME/test_s3_disk/*"

Corresponding configuration of ClickHouse:


Small check:

CREATE TABLE table_s3 (number Int64) ENGINE=MergeTree() ORDER BY tuple() PARTITION BY tuple() SETTINGS storage_policy='policy_s3_only';
INSERT INTO table_s3 SELECT * FROM system.numbers LIMIT 100000000;
SELECT * FROM table_s3;
DROP TABLE table_s3;
Last modified 2021.09.25: add s3 restore (3088d56)