---
title: "About Amazon S3 prerequisites"
slug: "about-amazon-s3-prerequisites"
description: "Set up Amazon S3 as a Supermetrics destination by meeting prerequisites like permissions, access keys, and IP allowlisting for seamless data transfer."
updated: 2026-03-25T12:57:35Z
published: 2026-03-25T12:57:35Z
---

> ## Documentation Index
> Fetch the complete documentation index at: https://docs.supermetrics.com/llms.txt
> Use this file to discover all available pages before exploring further.

# About Amazon S3 prerequisites

To start using Amazon S3 as a Supermetrics destination, some requirements need to be met. These prerequisites ensure that a working connection can be set up to successfully transfer data to your Amazon S3 bucket.

> [!NOTE]
> About permissions
> 
> You may need specific permissions to verify these prerequisites are met. If you are unable to access some information, please contact your AWS admin.

## Prerequisites

### Amazon S3 bucket

You need an existing [Amazon S3 bucket](https://docs.aws.amazon.com/AmazonS3/latest/userguide/UsingBucket.html)set up to be used as a destination.

### Permissions

The permission **putObject** is required for the S3 bucket or subfolder that is to be used as the destination.

In addition, the permission **deleteObject** is useful, though not required. This permission can automatically remove an empty file generated in the setup testing phase.

See Amazon S3 documentation to learn more about [action permissions](https://docs.aws.amazon.com/AmazonS3/latest/userguide/using-with-s3-actions.html).

## Authentication methods

Choose one of the following methods to authorize Supermetrics:

****Method 1: IAM Role (Recommended)****

This method involves creating a Role in your AWS account that trusts Supermetrics up upload files.

**AWS cluster requirement**: IAM Role authentication is only available if your Supermetrics team is hosted on the **AWS cluster**. If you’re unsure which cluster your team is on, contact [Supermetrics support](https://supermetrics.com/support) before proceeding.

**Note**: The AWS configuration instructions in Steps 1 and 2 show one example approach. There are multiple ways to create policies and roles in AWS - you are free to use your preferred method as long as the end results grants the equivalent permisssions.

**Step 1: Create the Permission policy**

This policy defines *what* Supermetrics is allowed to do, in this scenario to upload files to a specific bucket.

1. Log in to your AWS console and navigate to **IAM** and then select **policies**.
2. Click **Create policy**.
3. Switch to the **JSON** tab and paste the following policy. **Replace**`YOUR_BUCKET_NAME`**with a name of your choosing**.

```json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "SupermetricsS3Access",
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:GetBucketLocation",
                "s3:ListBucket"
            ],
            "Resource": [
                "arn:aws:s3:::YOUR_BUCKET_NAME",
                "arn:aws:s3:::YOUR_BUCKET_NAME/*"
            ]
        }
    ]
}
```
4. Name the policy, SupermetricsS3WritePolicy for example, and then create it.

**Step 2: Create the IAM Role**

This policy defines who is allowed to use the permissions, which is the Supermetrics Application in this case.

1. Navigate to **IAM > Roles**.
2. Click **Create role**.
3. Select **Custom trust policy** as the trusted entity type.
4. Paste the following trust policy. This grants Supermetrics’ AWS role the ability to assume your role:

```json
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::043417694514:role/supermetrics-s3-role"
            },
            "Action": "sts:AssumeRole"
        }
    ]
}
```

**Important**: The ARN `arn:aws:iam::043417694514:role/supermetrics-s3-role` is Supermetrics' external role. This must be set exactly as shown — it is what authorizes Supermetrics to assume your role.
5. Click **Next**.
6. Search for and select the permissions policy that you created in Step 1.
7. Name the role, Supermetrics S3IntegrationRole for example and create it.

**Step 3: Configure Supermetrics**

1. In the AWS console, click the Role you just created.
2. Copy the **Role ARN**, in this example `arn:aws:iam::043417694514:role/SupermetricsS3IntegrationRole`
3. Go to the Supermetrics destination configuration.
4. Under **Authentication method**, select **IAM role**.
5. Paste the ARN into the **IAM role ARN field**.
6. Enter your **Bucket name** and **Region code**.
7. (Optional) If your S3 bucket uses a KMS customer-managed encryption key, enter the KMS key ARN in the **KMS key ARN field**. If your bucket uses default AWS-managed encryption, leave this blank.
8. Save and test the connection.

****Method 2: Access Key (Standard)****

To authorize the use of your Amazon S3 bucket as a destination, you need the access key of your AWS user. Find or generate the access key in the [AWS Management Console](https://aws.amazon.com/console/) under **My Security Credentials**. Access keys generated using different methods can't be used to authenticate in this case.

Each access key comes with an access key ID and a corresponding secret access key. Both are needed in the destination setup.

See Amazon S3 documentation to learn more about [managing access keys](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html).

### IP allowlisting

If your IAM policy only allows requests from selected IP addresses, IP allowlisting is needed. [You need to add these Supermetrics IP addresses](/v1/docs/about-ip-address-allowlisting-for-data-warehouse-destinations) to the **Request Conditions** in the IAM policy of your AWS user. Don't forget to add your own IP address to avoid losing access to your bucket.

See AWS documentation for details on [limiting access to specific IP addresses](https://docs.aws.amazon.com/AmazonS3/latest/userguide/example-bucket-policies.html#example-bucket-policies-use-case-3).

## More resources

- [How to create a destination](/v1/docs/how-to-connect-to-a-data-warehouse-destination)
- [How to configure an Amazon S3 destination](/v1/docs/how-to-configure-an-amazon-s3-destination)
- [How to create a transfer](/v1/docs/how-to-create-a-transfer)