From 64453e2a10e336916f5d62e8ff7ab48eb1f2aaa8 Mon Sep 17 00:00:00 2001 From: Meggielqk <126552073+Meggielqk@users.noreply.github.com> Date: Mon, 15 Sep 2025 11:26:17 +0800 Subject: [PATCH 1/2] update(S3): Update config method for access keys https://emqx.atlassian.net/browse/EMQX-14526 --- en_US/data-integration/s3.md | 15 +++++++++++---- zh_CN/data-integration/s3.md | 27 ++++++++++++++++++++++----- 2 files changed, 33 insertions(+), 9 deletions(-) diff --git a/en_US/data-integration/s3.md b/en_US/data-integration/s3.md index 6b6b053c0..3ecd5f16c 100644 --- a/en_US/data-integration/s3.md +++ b/en_US/data-integration/s3.md @@ -68,7 +68,9 @@ EMQX supports Amazon S3 and other S3-compatible storage services. You can use AW 1. In the [AWS S3 Console](https://console.amazonaws.cn/s3/home), click the **Create bucket** button. Follow the instructions to enter the relevant information, such as bucket name and region, to create an S3 bucket. For detailed operations, refer to the [AWS Documentation](https://docs.amazonaws.cn/AmazonS3/latest/userguide/creating-bucket.html). 2. Set bucket permissions. After the bucket is created successfully, select the bucket and click the **Permissions** tab. Based on your needs, you can set the bucket to public read/write, private, or other permissions. -3. Obtain access keys. In the AWS Console, search for and select the **IAM** service. Create a new user for S3 and obtain the Access Key and Secret Key. +3. Obtain access keys. + - **Manual Configuration**: In the AWS Console, search for and select the **IAM** service. Create a new user for S3 and obtain the Access Key ID and Secret Access Key. See [AWS guide: Managing access keys](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html). + - **Automatic Retrieval (EC2 only)**: If EMQX is running on **AWS EC2**, attach an **IAM role** with sufficient permissions. EMQX can automatically fetch temporary credentials from **IMDSv2**. See [AWS guide: IAM roles for Amazon EC2](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2.html). With the Amazon S3 bucket created and configured, you are now ready to create an Amazon S3 Sink in EMQX. @@ -109,13 +111,18 @@ Before adding the S3 Sink, you need to create the corresponding connector. 1. Go to the Dashboard **Integration** -> **Connector** page. 2. Click the **Create** button in the top right corner. -3. Select **Amazon S3** as the connector type and click next. -4. Enter the connector name, a combination of upper and lowercase letters and numbers. Here, enter `my-s3`. +3. Select **Amazon S3** as the connector type and click **Next**. +4. Enter a name for the connector. The name must start with a letter or number and can contain letters, numbers, hyphens, or underscores. In this example, enter `my-s3`. 5. Enter the connection information. - If you are using the Amazon S3 bucket, enter the following information: - **Host**: The host varies by region and is formatted as `s3.{region}.amazonaws.com`. - **Port**: Enter `443`. - - **Access Key ID** and **Secret Access Key**: Enter the access keys created in AWS. + - **Access Key ID** and **Secret Access Key**: + + - Enter the access keys created in AWS, or + - Leave blank if running EMQX on EC2 with an attached IAM role. + + See the "Amazon S3" tab in [Prepare S3 Bucket](#prepare-s3-bucket) for details. - If you are using MinIO, enter the following information: - **Host**: Enter `127.0.0.1`. If you are running MinIO remotely, enter the actual host address. - **Port**: Enter `9000`. diff --git a/zh_CN/data-integration/s3.md b/zh_CN/data-integration/s3.md index 57e5c1e15..9765cf472 100644 --- a/zh_CN/data-integration/s3.md +++ b/zh_CN/data-integration/s3.md @@ -67,7 +67,9 @@ EMQX 支持 Amazon S3 以及兼容 S3 的存储服务,您可以使用 AWS 云 1. 在 [AWS S3 控制台](https://console.amazonaws.cn/s3/home)中,点击**创建存储桶**按钮。然后按照向导的指示填写相关信息,如存储桶名称(例如 `iot-data`)、区域等,创建一个 S3 存储桶。详细操作可参考 [AWS 文档](https://docs.amazonaws.cn/AmazonS3/latest/userguide/creating-bucket.html)。 2. 设置存储桶权限:在存储桶创建成功后,选择该存储桶,并点击**权限**选项卡,根据需求可以为存储桶选择公共读写、私有等权限。 -3. 获取访问密钥:在 AWS 控制台中,搜索并选择 **IAM** 服务,为 S3 创建一个新的用户,获取 Access Key 和 Secret Key。 +3. 获取访问密钥: + - **手动配置**:在 AWS 控制台中搜索并选择 **IAM** 服务,为 S3 创建新的用户,并获取**访问密钥 ID** 和**访问密钥**。参见 [AWS 指南:管理访问密钥](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html)。 + - **自动获取(仅适用于 EC2)**:如果 EMQX 运行在 **AWS EC2** 上,请为实例绑定具备足够权限的 **IAM 角色**。EMQX 将通过 **IMDSv2** 自动获取临时凭证。参见 [AWS 指南:对 Amazon EC2 上的应用程序使用角色](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2.html)。 至此,您已经完成了 S3 存储桶的创建与配置,接下来我们将在 EMQX 中创建 Amazon S3 Sink。 @@ -107,11 +109,26 @@ EMQX 支持 Amazon S3 以及兼容 S3 的存储服务,您可以使用 AWS 云 1. 转到 Dashboard **集成** -> **连接器**页面。 2. 点击页面右上角的**创建**。 -3. 在连接器类型中选择 **Amazon S3**,点击下一步。 -4. 输入连接器名称,要求是大小写英文字母和数字的组合。这里我们输入 `my-s3`。 +3. 在连接器类型中选择 **Amazon S3**,点击**下一步**。 +4. 输入连接器名称。名称必须以字母或数字开头,可以包含字母、数字、连字符或下划线。例如: `my-s3`。 5. 输入连接信息: - - 对于 AWS S3:**主机**根据区域不同,格式为 `s3.{region}.amazonaws.com`,**端口**填写 `443`,**访问密钥 ID** 和**私有访问密钥**填写 AWS 中创建的访问密钥。 - - 对于 MinIO:**主机**填写 `127.0.0.1` (如果 MinIO 在远程运行,填写实际地址),**端口**填写 `9000`,**访问密钥 ID** 和**私有访问密钥**填写 MinIO 中创建的访问密钥。 + - 如果使用 AWS S3 存储桶,请输入以下信息: + + - **主机**:根据区域不同,格式为 `s3.{region}.amazonaws.com`。 + + - **端口**:填写 `443`。 + + - **访问密钥 ID** 和**私有访问密钥**: + + - 填写在 AWS 中创建的访问密钥,或者 + - 如果 EMQX 运行在已绑定 IAM 角色的 EC2 上,可留空。 + + 详细说明请参见[准备 S3 存储桶](#准备-s3-存储桶)中的 Amazon S3 标签页。 + - 如果使用 MinIO: + + - **主机**:填写 `127.0.0.1` (如果 MinIO 在远程运行,填写实际地址)。 + - **端口**:填写 `9000`。 + - **访问密钥 ID** 和**私有访问密钥**:填写 MinIO 中创建的访问密钥。 6. 点击**创建**之前,您可以先点击**测试连接**来测试连接器是否可以连接到 S3 服务。 7. 点击最下方**创建**按钮完成连接器创建。 From 310f78e07c0e66d9b7d9e1541bbeb0b1d3b553aa Mon Sep 17 00:00:00 2001 From: Meggielqk <126552073+Meggielqk@users.noreply.github.com> Date: Mon, 29 Sep 2025 16:46:41 +0800 Subject: [PATCH 2/2] Update en_US/data-integration/s3.md Co-authored-by: Ivan Dyachkov --- en_US/data-integration/s3.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/en_US/data-integration/s3.md b/en_US/data-integration/s3.md index 3ecd5f16c..5f8bb8043 100644 --- a/en_US/data-integration/s3.md +++ b/en_US/data-integration/s3.md @@ -70,7 +70,7 @@ EMQX supports Amazon S3 and other S3-compatible storage services. You can use AW 2. Set bucket permissions. After the bucket is created successfully, select the bucket and click the **Permissions** tab. Based on your needs, you can set the bucket to public read/write, private, or other permissions. 3. Obtain access keys. - **Manual Configuration**: In the AWS Console, search for and select the **IAM** service. Create a new user for S3 and obtain the Access Key ID and Secret Access Key. See [AWS guide: Managing access keys](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html). - - **Automatic Retrieval (EC2 only)**: If EMQX is running on **AWS EC2**, attach an **IAM role** with sufficient permissions. EMQX can automatically fetch temporary credentials from **IMDSv2**. See [AWS guide: IAM roles for Amazon EC2](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2.html). + - **Automatic Retrieval (EC2 only)**: If EMQX is running on **AWS EC2**, [attach an **IAM role**](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2.html) with sufficient permissions. EMQX can automatically fetch temporary credentials from Instance Metadata via [**IMDSv2** API](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/instance-metadata-security-credentials.html). With the Amazon S3 bucket created and configured, you are now ready to create an Amazon S3 Sink in EMQX.