Skip to main content

S3

Summary

This document covers the information to gather from S3 in order to configure a Qarbine data service. The data service will use the Qarbine AWS_S3 driver. You can define multiple data services that access the same S3 bucket though with varying credentials. Once a data service is defined, you can manage which Qarbine principals have access to it and its associated objects. A Qarbine administrator has visibility to all data services.

S3 Configuration

Overview

Qarbine uses its AWS S3 driver to interact with S3 buckets and objects. There are several parameters to obtain to configure interaction:

  • Region,
  • Access key ID, and
  • Secret access key.

The region can be determined in the upper right on the AWS console.

  

To define access credentials:

  1. Go to the AWS Management Console.
  1. Navigate to the IAM (Identity and Access Management) service.
  1. Create a new user or use an existing one.
  1. Attach a policy (like AmazonS3ReadOnlyAccess or a custom policy) that grants access to your S3 bucket.
  1. After creating the user, download or copy the Access Key ID and Secret Access Key into a temporary location.

Also review the other security settings in your bucket.

Qarbine Configuration

Compute Node Preparation

Determine which compute node service endpoint you want to run this data access from. That URL will go into the Data Service’s Compute URL field. Its form is “https://domain:port/dispatch”. A sample is shown below.

  

The port number corresponds to a named service endpoint configured on the given target host. For example, the primary compute node usually is set to have a ‘main’ service. That service’s configuration is defined in the ˜./qarbine.service/config/service.main.json file. Inside that file the following driver entry is required

"drivers" :[
 . . .
"./driver/awsS3Driver.js"
]

The relevant configuration file name for non primary (main) Qarbine compute nodes is service.NAME.json. Remember to have well formed JSON syntax or a startup error is likely to occur. If you end up adding that entry then restart the service via the general command line syntax

pm2 restart <service>

For example,

pm2 restart main

or simply

pm2 restart all

Data Service Definition

Open the Administration Tool.

Navigate to the Data Services tab.

  

A data service defines on what compute node a query will run by default along with the means to reach to target data. The latter includes which native driver to use along with settings corresponding to that driver. Multiple Data Sources can reference a single Data Service. The details of any one Data Service are thus maintained in one spot and not spread out all over the place in each Data Source. The latter is a maintenance and support nightmare.

To begin adding a data service click

  

On the right hand side enter a name and optionally a description.

Set the name and any description

  

Set the Compute URL field based on the identified compute node above. Its form is “https://domain:port/dispatch”. A sample is shown below.

  

Set the driver

  

Set the optional driver options as desired

staleResourcesSeconds=60,
preferredSyntax=sql

The staleResourcesSeconds value indicates how long the list of objects can be cached. The objects are shown in the Data Source Designer, QBE, and RBE tools. The preferredSyntax is used by the Query By Example and Report By Example tools.

You can leave the server template empty to use the default S3 endpoint.

  

Set the server options such as

region=us-east-1,
accessKeyId = "1234567890",
secretAccessKey="abcdefghijklmnop12345678901234567890"

The latter 2 values are from the IAM information you obtained in the first section. For example,

  

The data options are optional. Its format is “files=CSV list of files and rules”. Element values can be:

  • NoInnerFolders,
  • A +.json entry states to always include file names ending with.json,
  • A -.json entry states to exclude file names ending with.json, and
  • A -file states to exclude this given file or folder relative to the base directory.

You can limit the bucket by setting the generic “Database” field.

  

The associated IAM policy should be the primary bucket visibility and interaction enforcement mechanism.

Test your settings by clicking on the toolbar image highlighted below.

  

The result should be

  

Save the Data Service by clicking on the image highlighted below.

  

The data service will be known at the next log on time. Next, see the AWS S3 query interaction and any tutorial for information on interacting with S3 from Qarbine.