APPLIES TO: Azure Data Factory Azure Synapse Analytics
This article outlines how to copy data from Amazon Simple Storage Service (Amazon S3). To learn about Azure Data Factory, read the introductory article.
Aug 04, 2021 Access control means the what kind of access levels can be implemented in s3 and how we can control them, As the access level is very important in every storage in this world may be it is a Linux system/server or windows etc,hence s3 also provides the access control by different means which are mainly. Amazon S3 Access Points How do S3 Access Points work? Each S3 Access Point is configured with an access policy specific to a use case or application. For example, you can create an access point for your S3 bucket that grants access for groups of users or applications for your data lake.
Tip
To learn more about the data migration scenario from Amazon S3 to Azure Storage, see Use Azure Data Factory to migrate data from Amazon S3 to Azure Storage.
Supported capabilities
This Amazon S3 connector is supported for the following activities:
- Copy activity with supported source/sink matrix
Specifically, this Amazon S3 connector supports copying files as is or parsing files with the supported file formats and compression codecs. You can also choose to preserve file metadata during copy. The connector uses AWS Signature Version 4 to authenticate requests to S3.
Tip
If you want to copy data from any S3-compatible storage provider, see Amazon S3 Compatible Storage.
Required permissions
To copy data from Amazon S3, make sure you've been granted the following permissions for Amazon S3 object operations: s3:GetObject and s3:GetObjectVersion.
If you use Data Factory UI to author, additional s3:ListAllMyBuckets and s3:ListBucket/s3:GetBucketLocation permissions are required for operations like testing connection to linked service and browsing from root. If you don't want to grant these permissions, you can choose 'Test connection to file path' or 'Browse from specified path' options from the UI.
For the full list of Amazon S3 permissions, see Specifying Permissions in a Policy on the AWS site.
Getting started
To perform the Copy activity with a pipeline, you can use one of the following tools or SDKs:
The following sections provide details about properties that are used to define Data Factory entities specific to Amazon S3.
Linked service properties
The following properties are supported for an Amazon S3 linked service:
| Property | Description | Required |
|---|---|---|
| type | The type property must be set to AmazonS3. | Yes |
| authenticationType | Specify the authentication type used to connect to Amazon S3. You can choose to use access keys for an AWS Identity and Access Management (IAM) account, or temporary security credentials. Allowed values are: AccessKey (default) and TemporarySecurityCredentials. | No |
| accessKeyId | ID of the secret access key. | Yes |
| secretAccessKey | The secret access key itself. Mark this field as a SecureString to store it securely in Data Factory, or reference a secret stored in Azure Key Vault. | Yes |
| sessionToken | Applicable when using temporary security credentials authentication. Learn how to request temporary security credentials from AWS. Note AWS temporary credential expires between 15 minutes to 36 hours based on settings. Make sure your credential is valid when activity executes, especially for operationalized workload - for example, you can refresh it periodically and store it in Azure Key Vault. Mark this field as a SecureString to store it securely in Data Factory, or reference a secret stored in Azure Key Vault. | No |
| serviceUrl | Specify the custom S3 endpoint https://<service url>. | No |
| connectVia | The integration runtime to be used to connect to the data store. You can use the Azure integration runtime or the self-hosted integration runtime (if your data store is in a private network). If this property isn't specified, the service uses the default Azure integration runtime. | No |
Example: using access key authentication
Example: using temporary security credential authentication
Dataset properties
For a full list of sections and properties available for defining datasets, see the Datasets article.
Azure Data Factory supports the following file formats. Refer to each article for format-based settings.
The following properties are supported for Amazon S3 under location settings in a format-based dataset:
| Property | Description | Required |
|---|---|---|
| type | The type property under location in a dataset must be set to AmazonS3Location. | Yes |
| bucketName | The S3 bucket name. | Yes |
| folderPath | The path to the folder under the given bucket. If you want to use a wildcard to filter the folder, skip this setting and specify that in the activity source settings. | No |
| fileName | The file name under the given bucket and folder path. If you want to use a wildcard to filter files, skip this setting and specify that in the activity source settings. | No |
| version | The version of the S3 object, if S3 versioning is enabled. If it's not specified, the latest version will be fetched. | No |
Example:
Copy activity properties
For a full list of sections and properties available for defining activities, see the Pipelines article. This section provides a list of properties that the Amazon S3 source supports.
Amazon S3 as a source type
Azure Data Factory supports the following file formats. Refer to each article for format-based settings.
The following properties are supported for Amazon S3 under storeSettings settings in a format-based copy source:
| Property | Description | Required |
|---|---|---|
| type | The type property under storeSettings must be set to AmazonS3ReadSettings. | Yes |
| Locate the files to copy: | ||
| OPTION 1: static path | Copy from the given bucket or folder/file path specified in the dataset. If you want to copy all files from a bucket or folder, additionally specify wildcardFileName as *. | |
| OPTION 2: S3 prefix - prefix | Prefix for the S3 key name under the given bucket configured in a dataset to filter source S3 files. S3 keys whose names start with bucket_in_dataset/this_prefix are selected. It utilizes S3's service-side filter, which provides better performance than a wildcard filter.When you use prefix and choose to copy to file-based sink with preserving hierarchy, note the sub-path after the last '/' in prefix will be preserved. For example, you have source bucket/folder/subfolder/file.txt, and configure prefix as folder/sub, then the preserved file path is subfolder/file.txt. | No |
| OPTION 3: wildcard - wildcardFolderPath | The folder path with wildcard characters under the given bucket configured in a dataset to filter source folders. Allowed wildcards are: * (matches zero or more characters) and ? (matches zero or single character). Use ^ to escape if your folder name has a wildcard or this escape character inside. See more examples in Folder and file filter examples. | No |
| OPTION 3: wildcard - wildcardFileName | The file name with wildcard characters under the given bucket and folder path (or wildcard folder path) to filter source files. Allowed wildcards are: * (matches zero or more characters) and ? (matches zero or single character). Use ^ to escape if your file name has a wildcard or this escape character inside. See more examples in Folder and file filter examples. | Yes |
| OPTION 4: a list of files - fileListPath | Indicates to copy a given file set. Point to a text file that includes a list of files you want to copy, one file per line, which is the relative path to the path configured in the dataset. When you're using this option, do not specify a file name in the dataset. See more examples in File list examples. | No |
| Additional settings: | ||
| recursive | Indicates whether the data is read recursively from the subfolders or only from the specified folder. Note that when recursive is set to true and the sink is a file-based store, an empty folder or subfolder isn't copied or created at the sink. Allowed values are true (default) and false. This property doesn't apply when you configure fileListPath. | No |
| deleteFilesAfterCompletion | Indicates whether the binary files will be deleted from source store after successfully moving to the destination store. The file deletion is per file, so when copy activity fails, you will see some files have already been copied to the destination and deleted from source, while others are still remaining on source store. This property is only valid in binary files copy scenario. The default value: false. | No |
| modifiedDatetimeStart | Files are filtered based on the attribute: last modified. The files will be selected if their last modified time is within the time range between modifiedDatetimeStart and modifiedDatetimeEnd. The time is applied to a UTC time zone in the format of '2018-12-01T05:00:00Z'. The properties can be NULL, which means no file attribute filter will be applied to the dataset. When modifiedDatetimeStart has a datetime value but modifiedDatetimeEnd is NULL, the files whose last modified attribute is greater than or equal to the datetime value will be selected. When modifiedDatetimeEnd has a datetime value but modifiedDatetimeStart is NULL, the files whose last modified attribute is less than the datetime value will be selected.This property doesn't apply when you configure fileListPath. | No |
| modifiedDatetimeEnd | Same as above. | No |
| enablePartitionDiscovery | For files that are partitioned, specify whether to parse the partitions from the file path and add them as additional source columns. Allowed values are false (default) and true. | No |
| partitionRootPath | When partition discovery is enabled, specify the absolute root path in order to read partitioned folders as data columns. If it is not specified, by default, - When you use file path in dataset or list of files on source, partition root path is the path configured in dataset. - When you use wildcard folder filter, partition root path is the sub-path before the first wildcard. - When you use prefix, partition root path is sub-path before the last '/'. For example, assuming you configure the path in dataset as 'root/folder/year=2020/month=08/day=27': - If you specify partition root path as 'root/folder/year=2020', copy activity will generate two more columns month and day with value '08' and '27' respectively, in addition to the columns inside the files.- If partition root path is not specified, no extra column will be generated. | No |
| maxConcurrentConnections | The upper limit of concurrent connections established to the data store during the activity run. Specify a value only when you want to limit concurrent connections. | No |
Example:
Folder and file filter examples
This section describes the resulting behavior of the folder path and file name with wildcard filters.
| bucket | key | recursive | Source folder structure and filter result (files in bold are retrieved) |
|---|---|---|---|
| bucket | Folder*/* | false | bucket FolderA File1.csv File2.json Subfolder1 File3.csv File4.json File5.csv AnotherFolderB File6.csv |
| bucket | Folder*/* | true | bucket FolderA File1.csv File2.json Subfolder1 File3.csv File4.json File5.csv AnotherFolderB File6.csv |
| bucket | Folder*/*.csv | false | bucket FolderA File1.csv File2.json Subfolder1 File3.csv File4.json File5.csv AnotherFolderB File6.csv |
| bucket | Folder*/*.csv | true | bucket FolderA File1.csv File2.json Subfolder1 File3.csv File4.json File5.csv AnotherFolderB File6.csv |
File list examples
This section describes the resulting behavior of using a file list path in a Copy activity source.
Assume that you have the following source folder structure and want to copy the files in bold:
| Sample source structure | Content in FileListToCopy.txt | Data Factory configuration |
|---|---|---|
| bucket FolderA File1.csv File2.json Subfolder1 File3.csv File4.json File5.csv Metadata FileListToCopy.txt | File1.csv Subfolder1/File3.csv Subfolder1/File5.csv | In dataset: - Bucket: bucket- Folder path: FolderAIn Copy activity source: - File list path: bucket/Metadata/FileListToCopy.txtThe file list path points to a text file in the same data store that includes a list of files you want to copy, one file per line, with the relative path to the path configured in the dataset. |
Preserve metadata during copy
When you copy files from Amazon S3 to Azure Data Lake Storage Gen2 or Azure Blob storage, you can choose to preserve the file metadata along with data. Learn more from Preserve metadata.
Lookup activity properties
To learn details about the properties, check Lookup activity.
GetMetadata activity properties
To learn details about the properties, check GetMetadata activity.
Delete activity properties
To learn details about the properties, check Delete activity.
Legacy models
Amazon S3 Bucket
Note
Amazon S3 Access Key
The following models are still supported as is for backward compatibility. We suggest that you use the new model mentioned earlier. The Data Factory authoring UI has switched to generating the new model.
Amazon S3 Access Key Id
Legacy dataset model
| Property | Description | Required |
|---|---|---|
| type | The type property of the dataset must be set to AmazonS3Object. | Yes |
| bucketName | The S3 bucket name. The wildcard filter is not supported. | Yes for the Copy or Lookup activity, no for the GetMetadata activity |
| key | The name or wildcard filter of the S3 object key under the specified bucket. Applies only when the prefix property is not specified. The wildcard filter is supported for both the folder part and the file name part. Allowed wildcards are: * (matches zero or more characters) and ? (matches zero or single character).- Example 1: 'key': 'rootfolder/subfolder/*.csv'- Example 2: 'key': 'rootfolder/subfolder/???20180427.txt'See more example in Folder and file filter examples. Use ^ to escape if your actual folder or file name has a wildcard or this escape character inside. | No |
| prefix | Prefix for the S3 object key. Objects whose keys start with this prefix are selected. Applies only when the key property is not specified. | No |
| version | The version of the S3 object, if S3 versioning is enabled. If a version is not specified, the latest version will be fetched. | No |
| modifiedDatetimeStart | Files are filtered based on the attribute: last modified. The files will be selected if their last modified time is within the time range between modifiedDatetimeStart and modifiedDatetimeEnd. The time is applied to the UTC time zone in the format of '2018-12-01T05:00:00Z'. Be aware that enabling this setting will affect the overall performance of data movement when you want to filter huge amounts of files. The properties can be NULL, which means no file attribute filter will be applied to the dataset. When modifiedDatetimeStart has a datetime value but modifiedDatetimeEnd is NULL, the files whose last modified attribute is greater than or equal to the datetime value will be selected. When modifiedDatetimeEnd has a datetime value but modifiedDatetimeStart is NULL, the files whose last modified attribute is less than the datetime value will be selected. | No |
| modifiedDatetimeEnd | Files are filtered based on the attribute: last modified. The files will be selected if their last modified time is within the time range between modifiedDatetimeStart and modifiedDatetimeEnd. The time is applied to the UTC time zone in the format of '2018-12-01T05:00:00Z'. Be aware that enabling this setting will affect the overall performance of data movement when you want to filter huge amounts of files. The properties can be NULL, which means no file attribute filter will be applied to the dataset. When modifiedDatetimeStart has a datetime value but modifiedDatetimeEnd is NULL, the files whose last modified attribute is greater than or equal to the datetime value will be selected. When modifiedDatetimeEnd has a datetime value but modifiedDatetimeStart is NULL, the files whose last modified attribute is less than the datetime value will be selected. | No |
| format | If you want to copy files as is between file-based stores (binary copy), skip the format section in both input and output dataset definitions. If you want to parse or generate files with a specific format, the following file format types are supported: TextFormat, JsonFormat, AvroFormat, OrcFormat, ParquetFormat. Set the type property under format to one of these values. For more information, see the Text format, JSON format, Avro format, Orc format, and Parquet format sections. | No (only for binary copy scenario) |
| compression | Specify the type and level of compression for the data. For more information, see Supported file formats and compression codecs. Supported types are GZip, Deflate, BZip2, and ZipDeflate. Supported levels are Optimal and Fastest. | No |
Tip
To copy all files under a folder, specify bucketName for the bucket and prefix for the folder part.
To copy a single file with a given name, specify bucketName for the bucket and key for the folder part plus file name.
To copy a subset of files under a folder, specify bucketName for the bucket and key for the folder part plus wildcard filter.
Example: using prefix
Example: using key and version (optional)
Legacy source model for the Copy activity
| Property | Description | Required |
|---|---|---|
| type | The type property of the Copy activity source must be set to FileSystemSource. | Yes |
| recursive | Indicates whether the data is read recursively from the subfolders or only from the specified folder. Note that when recursive is set to true and the sink is a file-based store, an empty folder or subfolder will not be copied or created at the sink. Allowed values are true (default) and false. | No |
| maxConcurrentConnections | The upper limit of concurrent connections established to the data store during the activity run. Specify a value only when you want to limit concurrent connections. | No |
Example:
Next steps
Amazon S3 Access Denied
For a list of data stores that the Copy activity in Azure Data Factory supports as sources and sinks, see Supported data stores.