Amazon S3
The Amazon S3 destination writes data to Amazon S3. For information about supported versions, see Supported Systems and Versions.
To write data to an Amazon Kinesis Firehose delivery system, use the Kinesis Firehose destination. To write data to Amazon Kinesis Streams, use the Kinesis Producer destination.
With the Amazon S3 destination, you configure the region, bucket, and common prefix to define where to write objects. You can use a partition prefix to specify the S3 partition to write to. You can configure a prefix and suffix for the object name, and a time basis and data time zone for the stage. You can also configure the destination to add tags to the Amazon S3 objects that it creates.
You configure the authentication method that the destination uses to connect to Amazon S3.
The Amazon S3 destination can write data asynchronously to improve performance when writing to multiple prefixes. You can configure advanced properties to tune performance.
You can configure the destination to use Amazon Web Services server-side encryption to protect the data written to Amazon S3. You can also use a proxy user and compress data with gzip when writing to Amazon S3.
The Amazon S3 destination creates an object for each batch of data written to Amazon S3.
You can also use a connection to configure the destination.
The destination can generate events for an event stream. For more information about the event framework, see Dataflow Triggers Overview.
Authentication Method
You can configure the Amazon S3 destination to authenticate with Amazon Web Services (AWS) using an instance profile or AWS access keys. When accessing a public bucket, you can connect anonymously using no authentication.
For more information about the authentication methods and details on how to configure each method, see Security in Amazon Stages.
Bucket
When you configure the bucket where records should be written, you can specify an exact bucket name or you can use an expression that evaluates to a bucket name.
For example, to write to buckets based on data in the Type field, you can use the
following expression to define the bucket: ${record:value('/Type)}
.
With this expression, the destination writes records to buckets based on the data in the Type field. If an expression evaluates to a bucket that does not exist, the destination handles the record based on the error handling configured in the stage.
If you use datetime variables in the expression, be sure to configure the time basis for the stage.
Partition Prefix
You can use a partition prefix to organize objects by partitions. You can use the partition prefix to write to existing partitions or to create new partitions as needed. When a partition specified in the partition prefix does not exist, the destination creates the partition.
You can specify an exact partition name for the partition prefix, or you can use an expression that evaluates to a partition name.
For example, to write to partitions based on data in the Country field, you can use the
following expression as the partition prefix:
${record:value('/Country')}
.
With this expression, the destination writes records to partitions based on the country data in the record, and creates partitions for countries that do not already have a partition.
If you use datetime variables in the expression, be sure to configure the time basis for the stage. You might also need to configure the Data Time Zone property.
Time Basis and Data Time Zone for Time-Based Buckets and Partition Prefixes
The time basis and the data time zone comprises the time used by the Amazon S3 destination to write records to a time-based bucket or partition prefix. When the configured bucket or partition prefix does not include time-based functions, you can ignore the time basis property.
A bucket or partition prefix has a time component when it includes datetime variables,
such as ${YYYY()}
or ${DD()}
, or when it includes an
expression that evaluates to a datetime value, such as
${record:valueOrDefault("/Timestamp")}.
For details about datetime variables, see Datetime Variables.
- Processing Time
- When you use processing time as the time basis, the destination performs
writes based on the processing time and the configured bucket and partition
prefix. The processing time is the time associated with the Data Collector running the pipeline, by default. You can specify a different time zone
by configuring the Data Time Zone property. To use the processing time as
the time basis, use the following expression:
This is the default time basis.${time:now()}
- Record Time
- When you use the time associated with a record as the time basis, you specify a date field in the record. The destination writes data based on the datetimes associated with the records, adjusting for the value specified for the Data Time Zone property.
logs-${YYYY()}-${MM()}-${DD()}
If you use the time of processing as the time basis, the destination writes records to partitions based on when it processes each record. If you use the time associated with the data, such as a transaction timestamp, then the destination writes records to the partitions based on that timestamp. If a partition does not exist, the destination creates the needed partition.
${YYYY()}-${MM()}
If you use the time of processing as the time basis, the destination writes records to buckets based on when it processes each record. If you use the time associated with the data, such as a transaction timestamp, then the destination writes records to the buckets based on that timestamp. If a bucket does not exist, the destination handles the record based on the error record handling configured for the stage.
Object Names
<prefix>-<UTC timestamp>-<counter>
For example: sdc-1462405014177-1
.
You configure the object name prefix.
The UTC timestamp is the time when the object is created, to the millisecond. The counter is used when multiple objects are created in the same millisecond.
<prefix>-<UTC timestamp>-<counter>.<optional suffix>
For example: sdc-1462405014177-1.txt
.
Whole File Names
<prefix>-<results of the file name expression>
Add Tags to Objects
You can configure the Amazon S3 destination to add tags to the Amazon S3 objects that it creates. Tags are key-value pairs that you can use to categorize objects, such as product: <product>.
You can configure multiple tags. When you configure a tag, you can define a tag with just the key or specify a key and value.
For more information about tags, including Amazon S3 restrictions, see the Amazon S3 documentation.
Event Generation
The Amazon S3 destination can generate events that you can use in an event stream. When you enable event generation, the Amazon S3 destination generates event records each time after writing to an object or streaming a whole file.
- With the Amazon S3 executor to add metadata to closed objects or whole files after receiving an event.
- With the Spark executor to run a Spark application after receiving an event.
- With the Email executor to send a custom email
after receiving an event.
For an example, see Sending Email During Pipeline Processing.
- With a destination to store event information.
For an example, see Preserving an Audit Trail of Events.
For more information about dataflow triggers and the event framework, see Dataflow Triggers Overview.
Event Records
Record Header Attribute | Description |
---|---|
sdc.event.type | Event type. Uses one of the following types:
|
sdc.event.version | Integer that indicates the version of the event record type. |
sdc.event.creation_timestamp | Epoch timestamp when the stage created the event. |
- Object written
- The destination generates an object written event record when it completes writing to an object.
- Whole file processed
- The destination generates an event record when it completes streaming a
whole file. Whole file event records have the
sdc.event.type
record header attribute set towholeFileProcessed
and include the following fields:Field Description sourceFileInfo A map of attributes about the original whole file that was processed. The attribute names depend on the information provided by the origin system.
targetFileInfo A map of attributes about the whole file written to the destination system. The attributes include: - bucket - The bucket where the whole file is written.
- objectKey - The object key name that was written.
checksum Checksum generated for the written file. Included only when you configure the destination to include checksums in the event record.
checksumAlgorithm Algorithm used to generate the checksum. Included only when you configure the destination to include checksums in the event record.
Server-Side Encryption
You can configure the stage to use Amazon Web Services server-side encryption (SSE) to protect data written to Amazon S3. When configured for server-side encryption, the stage passes required server-side encryption configuration values to Amazon S3. Amazon S3 uses the values to encrypt the data as it is written to Amazon S3.
- Amazon S3-Managed Encryption Keys (SSE-S3)
- When you use server-side encryption with Amazon S3-managed keys, Amazon S3 manages the encryption keys for you.
- AWS KMS-Managed Encryption Keys (SSE-KMS)
- When you use server-side encryption with AWS Key Management Service (KMS), you specify the Amazon resource name (ARN) of the AWS KMS master encryption key that you want to use. You can also specify key-value pairs to use for the encryption context.
- Customer-Provided Encryption Keys (SSE-C)
- When you use server-side encryption with customer-provided keys, you specify
the following information:
- Base64 encoded 256-bit encryption key
- Base64 encoded 128-bit MD5 digest of the encryption key using RFC 1321
For more information about using server-side encryption to protect data in Amazon S3, see the Amazon S3 documentation.
Data Formats
The Amazon S3 destination writes data to Amazon S3 based on the data format that you select.
- Avro
- The destination writes records based on the Avro schema. You can use one of the following methods to specify the location of the Avro schema definition:
- Binary
- The stage writes binary data to a single field in the record.
- Delimited
- The destination writes records as delimited data. When you use this data format, the root field must be list or list-map.
- JSON
- The destination writes records as JSON data. You can use one of
the following formats:
- Array - Each file includes a single array. In the array, each element is a JSON representation of each record.
- Multiple objects - Each file includes multiple JSON objects. Each object is a JSON representation of a record.
- Parquet
- The destination writes an object for each partition and includes the Parquet schema in every object.
- Protobuf
- Writes a batch of messages in each file.
- SDC Record
- The destination writes records in the SDC Record data format.
- Text
- The destination writes data from a single text field to the destination system. When you configure the stage, you select the field to use.
- Whole File
- Streams whole files to the destination system. The destination writes the data to the file and location defined in the stage. If a file of the same name already exists, you can configure the destination to overwrite the existing file or send the current file to error.
Configuring an Amazon S3 Destination
-
In the Properties panel, on the General tab, configure the
following properties:
General Property Description Name Stage name. Description Optional description. Produce Events Generates event records when events occur. Use for event handling. Required Fields Fields that must include data for the record to be passed into the stage. Tip: You might include fields that the stage uses.Records that do not include all required fields are processed based on the error handling configured for the pipeline.
Preconditions Conditions that must evaluate to TRUE to allow a record to enter the stage for processing. Click Add to create additional preconditions. Records that do not meet all preconditions are processed based on the error handling configured for the stage.
On Record Error Error record handling for the stage: - Discard - Discards the record.
- Send to Error - Sends the record to the pipeline for error handling.
- Stop Pipeline - Stops the pipeline.
-
On the Amazon S3 tab, configure the following
properties:
Amazon S3 Property Description Connection Connection that defines the information required to connect to an external system. To connect to an external system, you can select a connection that contains the details, or you can directly enter the details in the pipeline. When you select a connection, Control Hub hides other properties so that you cannot directly enter connection details in the pipeline.
To create a new connection, click the Add New Connection icon: . To view and edit the details of the selected connection, click the Edit Connection icon: .
Authentication Method Authentication method used to connect to Amazon Web Services (AWS): - AWS Keys - Authenticates using an AWS access key pair.
- Instance Profile - Authenticates using an instance profile associated with the Data Collector EC2 instance.
- None - Connects to a public bucket using no authentication.
Access Key ID AWS access key ID. Required when using AWS keys to authenticate with AWS. Secret Access Key AWS secret access key. Required when using AWS keys to authenticate with AWS. Tip: To secure sensitive information such as access key pairs, you can use runtime resources or credential stores.Assume Role Temporarily assumes another role to authenticate with AWS. Role ARN Amazon resource name (ARN) of the role to assume, entered in the following format:
arn:aws:iam::<account_id>:role/<role_name>
Where
<account_id>
is the ID of your AWS account and<role_name>
is the name of the role to assume. You must create and attach an IAM trust policy to this role that allows the role to be assumed.Available when assuming another role.
Role Session Name Optional name for the session created by assuming a role. Overrides the default unique identifier for the session.
Available when assuming another role.
Session Timeout Maximum number of seconds for each session created by assuming a role. The session is refreshed if the pipeline continues to run for longer than this amount of time.
Set to a value between 3,600 seconds and 43,200 seconds.
Available when assuming another role.
Set Session Tags Sets a session tag to record the name of the currently logged in StreamSets user that starts the pipeline or the job for the pipeline. AWS IAM verifies that the user account set in the session tag can assume the specified role.
Select only when the IAM trust policy attached to the role to be assumed uses session tags and restricts the session tag values to specific user accounts.
When cleared, the connection does not set a session tag.
Available when assuming another role.
External ID External ID included in an IAM trust policy that allows the specified role to be assumed. Available when assuming another role.
Use Specific Region Specify the AWS region or endpoint to connect to. When cleared, the stage uses the Amazon S3 default global endpoint, s3.amazonaws.com.
Region AWS region to connect to. Select one of the available regions. To specify an endpoint to connect to, select Other. Endpoint Endpoint to connect to when you select Other for the region. Enter the endpoint name. Use Custom Endpoint Specify a specific signing region when connecting to a custom endpoint. When cleared, the stage uses the region specified in the endpoint.
Signing Region AWS region used by the custom endpoint. Bucket Bucket to use when writing records. Enter a bucket name or define an expression that evaluates to bucket names.
When using datetime variables in the expression, be sure to configure the time basis for the stage.
Common Prefix Common prefix that determines where objects are written. Partition Prefix Optional partition prefix to specify the partition to use. Use a specific partition prefix or define an expression that evaluates to a partition prefix.
When using datetime variables in the expression, be sure to configure the time basis for the stage.
Object Name Suffix Suffix to use for object names, such as txt or json. When used, the destination adds a period and the configured suffix as follows: <object name>.<suffix>. You can include periods within the suffix, but do not start the suffix with a period. Forward slashes are not allowed.
Not available for the whole file data format.
Object Ownership Determines ownership of the objects written to the bucket:- Default - Objects are written with the bucket owner enforced setting. Access control lists (ACLs) are disabled on the objects, and the bucket owner automatically owns and has full control over the objects. The bucket uses policies to define access control instead of ACLs.
- Bucket Owner Full Control - Objects are written with the bucket owner
preferred setting. ACLs are enabled on the object, and the object is assigned
the
bucket-owner-full-control
canned ACL.
Amazon S3 recommends using the default ownership to keep ACLs disabled except in unusual circumstances where you must control access for each object individually. For more information, see the Amazon S3 documentation.
Delimiter Delimiter used by Amazon S3 to define the prefix hierarchy. Default is slash ( / ).
Data Time Zone Time zone for the destination system. Used with the time basis to resolve datetimes in a time-based bucket or partition prefix.
Time Basis Time basis to use for writing to a time-based bucket or partition prefix. Use one of the following expressions:${time:now()}
- Uses the processing time as the time basis in conjunction with the specified Data Time Zone.- An expression that calls a field and resolves to a datetime value, such as
${record:value(<date field path>)}
. Uses the time associated with the record as the time basis, adjusted for the specified Data Time Zone.
When the Bucket and Partition Prefix properties have no time component, you can ignore this property.
Default is
${time:now()}
.Object Name Prefix Defines a prefix for object names written by the destination. By default, object names start with sdc
as follows:sdc-<UTC timestamp>-<counter>
.Compress with Gzip Compresses files with gzip before writing to Amazon S3. Add Tags Enables adding tags to the Amazon S3 objects that are created. Tags Tags to add to an object. Using simple or bulk edit mode, click Add Another to configure a tag. You can configure multiple tags. When you configure a tag, you can define a tag with just the key or specify a key and value.
-
On the SSE tab, optionally enable server-side
encryption:
SSE Property Description Use Server-Side Encryption Enables server-side encryption. Server-Side Encryption Option Option that Amazon S3 uses to manage the encryption keys: - SSE-S3 - Use Amazon S3-managed keys.
- SSE-KMS - Use Amazon Web Services KMS-managed keys.
- SSE-C - Use customer-provided keys.
Default is SSE-S3.
AWS KMS Key ARN Amazon resource name (ARN) of the AWS KMS master encryption key. Use the following format: <arn>:<aws>:<kms>:<region>:<acct ID>:<key>/<key ID>
Used for SSE-KMS encryption only.
Encryption Context Key-value pairs to use for the encryption context. Click Add to add key-value pairs. Used for SSE-KMS encryption only.
Customer Encryption Key The 256-bit and Base64 encoded encryption key to use. Used for SSE-C encryption only.
Customer Encryption Key MD5 The 128-bit and Base64 encoded MD5 digest of the encryption key according to RFC 1321. Used for SSE-C encryption only.
-
On the Advanced tab, optionally configure proxy
information and tune performance:
Advanced Property Description Connection Timeout Seconds to wait for a response before closing the connection. Socket Timeout Seconds to wait for a response to a query. Retry Count Maximum number of times to retry requests. Use Proxy Specifies whether to use a proxy to connect. Proxy Host Proxy host. Proxy Port Proxy port. Proxy User User name for proxy credentials. Proxy Password Password for proxy credentials. Tip: To secure sensitive information such as user names and passwords, you can use runtime resources or credential stores.Proxy Domain Optional domain name for the proxy server. Proxy Workstation Optional workstation for the proxy server. Thread Pool Size for Parallel Uploads Size of the thread pool for parallel uploads. Used when working with multiple partitions and processing large objects in multiple parts. When working with multiple partitions, setting this property up to the number of partitions being used to can improve performance.
For more information about this and the following properties, see the Amazon S3 TransferManager documentation.
Multipart Upload Threshold Minimum batch size in bytes for multipart uploads. Minimum Upload Part Size Minimum part size in bytes for multipart uploads. -
On the Data Format tab, configure the following
property:
Data Format Property Description Data Format Data format to write data: - Avro
- Binary
- Delimited
- JSON
- Parquet
- Protobuf
- SDC Record
- Text
- Whole
FileNote: When writing whole files to Amazon S3, the IAM policy that the destination uses requires permission to list the contents of the bucket.
-
For Avro data, on the Data Format tab, configure the
following properties:
Avro Property Description Avro Schema Location Location of the Avro schema definition to use when writing data: - In Pipeline Configuration - Use the schema that you provide in the stage configuration.
- In Record Header - Use the schema in the avroSchema record header attribute. Use only when the avroSchema attribute is defined for all records.
- Confluent Schema Registry - Retrieve the schema from Confluent Schema Registry.
Avro Schema Avro schema definition used to write the data. You can optionally use the
runtime:loadResource
function to load a schema definition stored in a runtime resource file.Register Schema Registers a new Avro schema with Confluent Schema Registry. Schema Registry URLs Confluent Schema Registry URLs used to look up the schema or to register a new schema. To add a URL, click Add and then enter the URL in the following format: http://<host name>:<port number>
Basic Auth User Info User information needed to connect to Confluent Schema Registry when using basic authentication. Enter the key and secret from the
schema.registry.basic.auth.user.info
setting in Schema Registry using the following format:<key>:<secret>
Tip: To secure sensitive information such as user names and passwords, you can use runtime resources or credential stores.Look Up Schema By Method used to look up the schema in Confluent Schema Registry: - Subject - Look up the specified Avro schema subject.
- Schema ID - Look up the specified Avro schema ID.
Schema Subject Avro schema subject to look up or to register in Confluent Schema Registry. If the specified subject to look up has multiple schema versions, the destination uses the latest schema version for that subject. To use an older version, find the corresponding schema ID, and then set the Look Up Schema By property to Schema ID.
Schema ID Avro schema ID to look up in Confluent Schema Registry. Include Schema Includes the schema in each file. Note: Omitting the schema definition can improve performance, but requires the appropriate schema management to avoid losing track of the schema associated with the data.Avro Compression Codec The Avro compression type to use. When using Avro compression, do not enable other compression available in the destination.
-
For binary data, on the Data Format tab, configure the
following property:
Binary Property Description Binary Field Path Field that contains the binary data. -
For delimited data, on the Data Format tab, configure the
following properties:
Delimited Property Description Delimiter Format Format for delimited data: - Default CSV - File that includes comma-separated values. Ignores empty lines in the file.
- RFC4180 CSV - Comma-separated file that strictly follows RFC4180 guidelines.
- MS Excel CSV - Microsoft Excel comma-separated file.
- MySQL CSV - MySQL comma-separated file.
- Tab-Separated Values - File that includes tab-separated values.
- PostgreSQL CSV - PostgreSQL comma-separated file.
- PostgreSQL Text - PostgreSQL text file.
- Custom - File that uses user-defined delimiter, escape, and quote characters.
Header Line Indicates whether to create a header line. Delimiter Character Delimiter character for a custom delimiter format. Select one of the available options or use Other to enter a custom character. You can enter a Unicode control character using the format \uNNNN, where N is a hexadecimal digit from the numbers 0-9 or the letters A-F. For example, enter \u0000 to use the null character as the delimiter or \u2028 to use a line separator as the delimiter.
Default is the pipe character ( | ).
Record Separator String Characters to use to separate records. Use any valid Java string literal. For example, when writing to Windows, you might use \r\n to separate records. Available when using a custom delimiter format.
Escape Character Escape character for a custom delimiter format. Select one of the available options or use Other to enter a custom character. Default is the backslash character ( \ ).
Quote Character Quote character for a custom delimiter format. Select one of the available options or use Other to enter a custom character. Default is the quotation mark character ( " ).
Replace New Line Characters Replaces new line characters with the configured string. Recommended when writing data as a single line of text.
New Line Character Replacement String to replace each new line character. For example, enter a space to replace each new line character with a space. Leave empty to remove the new line characters.
Charset Character set to use when writing data. -
For JSON data, on the Data Format tab, configure the
following properties:
JSON Property Description JSON Content Method to write JSON data: - JSON Array of Objects - Each file includes a single array. In the array, each element is a JSON representation of each record.
- Multiple JSON Objects - Each file includes multiple JSON objects. Each object is a JSON representation of a record.
Charset Character set to use when writing data. -
For Parquet data, on the Data Format tab, configure the
following properties:
Parquet Property Description Parquet Schema Location Location to load the Parquet schema from: - Parquet Schema in Record Header - Uses the schema in
the
parquetSchema
record header attribute. - In Pipeline Configuration - Uses the schema you provide in the stage configuration.
- Infer from records - The destination infers the schema from the first record of the first batch of data.
Nullable Fields Allow null values in schema fields. Default is enabled.
Parquet Compression Codec Compression type for output files: - Uncompressed
- GZIP
- LZO
- Snappy
Parquet Format Version Parquet file format version to use. Parquet Row Group Size (bytes) Maximum size in bytes of a row group being buffered in memory. The size of a row group is defined by the batch size, but you can limit it to restrict the memory usage for the write.
Parquet Page Size (bytes) Page size in bytes for compressed pages. Parquet Max Padding Size (bytes) Maximum size in bytes of allowed padding to align rows. Enable Parquet Dictionary Encoding Enables Parquet dictionary encoding. There is one dictionary page per column per group when dictionary encoding is enabled.
Parquet Dictionary Page Size (bytes) Page size in bytes for dictionary pages. - Parquet Schema in Record Header - Uses the schema in
the
-
For protobuf data, on the Data Format tab, configure the
following properties:
Protobuf Property Description Protobuf Descriptor File Descriptor file (.desc) to use. The descriptor file must be in the Data Collector resources directory, $SDC_RESOURCES
.For more information about environment variables, see Java and Security Configuration. For information about generating the descriptor file, see Protobuf Data Format Prerequisites.
Message Type Fully-qualified name for the message type to use when writing data. Use the following format:
Use a message type defined in the descriptor file.<package name>.<message type>
. -
For text data, on the Data Format tab, configure the
following properties:
Text Property Description Text Field Path Field that contains the text data to be written. All data must be incorporated into the specified field. Record Separator Characters to use to separate records. Use any valid Java string literal. For example, when writing to Windows, you might use \r\n to separate records. By default, the destination uses \n.
On Missing Field When a record does not include the text field, determines whether the destination reports the missing field as an error or ignores the missing field. Insert Record Separator if No Text When configured to ignore a missing text field, inserts the configured record separator string to create an empty line. When not selected, discards records without the text field.
Charset Character set to use when writing data. -
For whole files, on the Data Format tab, configure the
following properties:
Whole File Property Description File Name Expression Expression to use for the file names.
For tips on how to name files based on input file names, see Writing Whole Files.
File Exists Action to take when a file of the same name already exists in the output directory. Use one of the following options: - Send to Error - Handles the record based on stage error record handling.
- Overwrite - Overwrites the existing file.
Include Checksum in Events Includes checksum information in whole file event records. Use only when the destination generates event records.
Checksum Algorithm Algorithm to generate the checksum.