AWS S3

Transfer data at scale from your data warehouse to your apps through AWS using DinMo

DinMo allows you to export your data models and segments to an Amazon S3 bucket. Generated files (Parquet, CSV, JSON, XML, etc.) are uploaded directly to your bucket. This guide walks you through the setup of an S3 connection using either Cross-Account Role or Access Key authentication.

πŸ’‘ For more information on destination types, see our Core Concepts page.

1. Prerequisites

Ensure you have access to the AWS account hosting the S3 bucket and the required permissions:

  • To use Cross-Account Role, you must be able to create IAM roles and policies.

  • To use Access Key, you need valid AWS credentials with appropriate S3 permissions.

2. Add AWS S3 as a Platform in DinMo

  1. In DinMo, go to Destinations.

  2. Click Add a new destination.

  3. Select Connect a new platform and choose AWS S3.

  4. Enter:

    • A Platform Name (for identification).

    • The S3 Bucket Name where files will be sent.

  5. Choose an Authentication Method:

    • Cross-Account

    • Access Key

DinMo will adapt the form based on your selection.

3. Cross-Account Role Authentication

In this setup, DinMo AWS account assumes a role in your AWS account to upload files securely.

3.1 DinMo Role Information

  • DinMo Role ARN: arn:aws:iam::724998534403:role/DinmoS3AccessorRole-dinmo-prod

  • External ID: A unique string generated by DinMo during setup (e.g., 40cef540-b3b4-4e86-b343-2fde3a6f0396)

3.2 Create an IAM Role in Your AWS Account

Step 1 – Trust Policy

Create a new IAM Role with this trust relationship (replace EXTERNAL_ID):

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::724998534403:role/DinmoS3AccessorRole-dinmo-prod"
      },
      "Action": "sts:AssumeRole",
      "Condition": {
        "StringEquals": {
          "sts:ExternalId": "EXTERNAL_ID"
        }
      }
    }
  ]
}

Step 2 – Permissions Policy

Attach this policy to grant S3 access (replace ${bucketName}):

{
  "Version": "2025-10-17",
  "Statement": [
    {
      "Sid": "AllowDinMoS3Write",
      "Effect": "Allow",
      "Action": [
        "s3:PutObject",
        "s3:AbortMultipartUpload",
        "s3:ListMultipartUploadParts",
        "s3:ListBucketMultipartUploads"
      ],
      "Resource": [
        "arn:aws:s3:::${bucketName}",
        "arn:aws:s3:::${bucketName}/*"
      ]
    }
  ]
}

4. Access Key Authentication

If you don’t want to create IAM roles, you can connect using AWS credentials.

Required Fields

  • AWS Access Key ID

  • AWS Secret Access Key

  • AWS Region

  • S3 Bucket Name

πŸ” These credentials must allow write access to your specified bucket.

Sample IAM Policy

The user associated with these credentials should have at least:

{
  "Version": "2025-10-17",
  "Statement": [
    {
      "Sid": "AllowDinMoAccessKeyWrite",
      "Effect": "Allow",
      "Action": [
        "s3:PutObject",
        "s3:AbortMultipartUpload",
        "s3:ListMultipartUploadParts",
        "s3:ListBucketMultipartUploads"
      ],
      "Resource": [
        "arn:aws:s3:::${bucketName}",
        "arn:aws:s3:::${bucketName}/*"
      ]
    }
  ]
}

5. Validate & Test Connection

Once all required fields are filled:

  • Click Connect in DinMo.

  • DinMo will test access by attempting a write operation.

  • If it fails, verify:

    • IAM Role ARN and External ID (for cross-account)

    • Access Key credentials and region

    • Bucket permissions and policies

PreviousSynchronize UsersNextExport your data models and segments to AWS S3

Last updated