Steps to add an AWS S3 bucket as a data destination

Step 1: Set up destination S3 bucket

Create bucket

  1. Navigate to the S3 service page.
  2. Click Create bucket.
  3. Enter a Bucket name and modify any of the default settings as desired.
    Note: Object Ownership can be set to "ACLs disabled" and Block Public Access settings for this bucket can be set to "Block all public access" as recommended by AWS. Make note of the Bucket name and AWS Region.
  4. Click Create bucket.

Step 2: Create policy and IAM user

Create policy

  1. Navigate to the IAM service page.
  2. Navigate to the Policies navigation tab, and click Create policy.
  3. Click the JSON tab, and paste the following policy, being sure to replace BUCKET_NAME with the name of the bucket chosen in Step 1.
    "Version": "2012-10-17",
    "Statement": [
            "Effect": "Allow",
            "Action": "s3:PutObject",
            "Resource": "arn:aws:s3:::BUCKET_NAME/*"
  1. Click Next: Tags, click Next: Review.
  2. Name the policy, add a description, and click Create policy.

Create user

  1. Navigate to the IAM service page.
  2. Navigate to the Users navigation tab, and click Add users.
  3. Enter a User name for the service, for example, transfer-service. Under Select AWS access type, select the Access key - Programatic access option. Click Next: Permissions.
  4. Click the Attach existing policies directly option, and search for the name of the policy created in the 5. previous step. Select the policy, and click Next: Tags.
  5. Click Next: Review and click Create user.
  6. In the Success screen, record the Access key ID and the Secret access key.