# AWS S3 DinMo allows you to export your data models and segments to an Amazon S3 bucket. Generated files (Parquet, CSV, JSON, XML, etc.) are uploaded directly to your bucket. This guide walks you through the setup of an S3 connection using either **Cross-Account Role** or **Access Key** authentication. > πŸ’‘ For more information on destination types, see our [Core Concepts page](/core-concepts.md). ### Prerequisites Ensure you have access to the AWS account hosting the S3 bucket and the required permissions: * To use **Cross-Account Role**, you must be able to create IAM roles and policies. * To use **Access Key**, you need valid AWS credentials with appropriate S3 permissions. *** ### Add AWS S3 as a Platform in DinMo 1. In DinMo, go to **Destinations**. 2. Click **Add a new destination**. 3. Select **Connect a new platform** and choose **AWS S3**. 4. Enter: * A **Platform Name** (for identification). * The **S3 Bucket Name** where files will be sent. 5. Choose an **Authentication Method**: * **Cross-Account** * **Access Key** DinMo will adapt the form based on your selection. *** ### Cross-Account Role Authentication In this setup, DinMo AWS account assumes a role in your AWS account to upload files securely. #### DinMo Role Information * **DinMo Role ARN**:\ `arn:aws:iam::724998534403:role/DinmoS3AccessorRole-dinmo-prod` * **External ID**:\ A unique string generated by DinMo during setup (e.g., `40cef540-b3b4-4e86-b343-2fde3a6f0396`) #### Create an IAM Role in Your AWS Account **Step 1 – Trust Policy** Create a new IAM Role with this trust relationship (replace `EXTERNAL_ID`): ```json { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::724998534403:role/DinmoS3AccessorRole-dinmo-prod" }, "Action": "sts:AssumeRole", "Condition": { "StringEquals": { "sts:ExternalId": "EXTERNAL_ID" } } } ] } ``` **Step 2 – Permissions Policy** Attach this policy to grant S3 access (replace `${bucketName}`): ```json { "Version": "2025-10-17", "Statement": [ { "Sid": "AllowDinMoS3Write", "Effect": "Allow", "Action": [ "s3:PutObject", "s3:AbortMultipartUpload", "s3:ListMultipartUploadParts", "s3:ListBucketMultipartUploads" ], "Resource": [ "arn:aws:s3:::${bucketName}", "arn:aws:s3:::${bucketName}/*" ] } ] } ``` *** ### Access Key Authentication If you don’t want to create IAM roles, you can connect using AWS credentials. #### Required Fields * **AWS Access Key ID** * **AWS Secret Access Key** * **AWS Region** * **S3 Bucket Name** > πŸ” These credentials must allow write access to your specified bucket. #### Sample IAM Policy The user associated with these credentials should have at least: ```json { "Version": "2025-10-17", "Statement": [ { "Sid": "AllowDinMoAccessKeyWrite", "Effect": "Allow", "Action": [ "s3:PutObject", "s3:AbortMultipartUpload", "s3:ListMultipartUploadParts", "s3:ListBucketMultipartUploads" ], "Resource": [ "arn:aws:s3:::${bucketName}", "arn:aws:s3:::${bucketName}/*" ] } ] } ``` *** ### Validate & Test Connection Once all required fields are filled: * Click **Connect** in DinMo. * DinMo will test access by attempting a write operation. * If it fails, verify: * IAM Role ARN and External ID (for cross-account) * Access Key credentials and region * Bucket permissions and policies --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.dinmo.io/integrations/destination-platforms/aws-s3.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.