Page tree

Trifacta SaaS




Feature Availability: This feature may not be available in all product editions.

You can create connections to specific S3 buckets through the Trifacta application.  These connections to S3 enable workspace users to read from and write to specific S3 buckets. 

Simple Storage Service (S3) is an online data storage service provided by Amazon, which provides low-latency access through web services. For more information, see


Before you begin, please verify that your Trifacta® environment meets the following requirements:

  • Integration: Your  Trifacta instance is connected to a running environment supported by your product edition.

  • Multiple region: Multiple S3 connections can be configured in different regions.

  • Verify that Enable S3 Connectivity has been enabled in the Workspace Settings Page

  • Acquire the Access Key ID and Secret Key for the S3 bucket or buckets to which you are connecting. For more information on acquiring your key/secret combination, contact your S3 administrator.


Access to S3 requires:

  • Each user must have appropriate permissions to access S3.

    NOTE: If a user does not have write permissions to the specified S3 bucket, publishing jobs to the bucket fail.

  • To browse multiple buckets through a single S3 connection, additional permissions are required. See below.


  • Authentication using IAM roles is not supported.
  • Automatic region detection in the create and edit connection is not supported.
  • Publishing the output to multi-part files is not supported.

    NOTE: For some file formats, like Parquet, multi-part files are the default output.

  • Publishing the output using compression option is not supported for Trifacta Photon jobs.

    Workaround: If you need to generate an output using compression to this S3 bucket, you can run the job on another running environment.

Create Connection

You can create additional S3 connections by the following method:

Create through application

You can create a S3 connection through the application.


  1. Login to the application.
  2. In the left navigation bar, click the Connections icon.
  3. In the Create Connection page, click the External Amazon S3  card.

  4. Specify the connection properties:


    (Optional) The default S3 bucket to which to connect. When the connection is first accessed for browsing, the contents of this bucket are displayed.

    If this value is not provided, then the list of available buckets based on the key/secret combination is displayed when browsing through the connection.

    NOTE: To see the list of available buckets, the connecting user must have the getBucketList permission. If that permission is not present and no default bucket is listed, then the user cannot browse S3.

    Access Key ID

    Access Key ID for the S3 connection.

    Secret Key

    Secret Key for the S3 connection.

    Server Side EncryptionIf server-side encryption has been enabled on your bucket, you can select the server-side encryption policy to use when writing to the bucket. SSE-S3 and SSE-KMS methods are supported.  For more information, see
    Server Side Kms key Id

    When KMS encryption is enabled, you must specify the AWS KMS key ID to use for the server-side encryption. For more information, see "Server Side KMS Key Identifier" below.

    For more information on the other options, see Create Connection Window.

  5. Click Save

Server Side KMS Key Identifier

When KMS encryption is enabled, you must specify the AWS KMS key ID to use for the server-side encryption.

The format for referencing this key is the following:


You can use an AWS alias in the following formats. The format of the AWS-managed alias is the following:


The format for a custom alias is the following:



<FSR> is the name of the alias for the entire key.

Create via API

For more information on the vendor and type information to use, see Connection Types.

For more information, see  Trifacta API Reference docs: Enterprise | Professional | Premium

Java VFS Service

The Java VFS Service has been modified to handle an optional connection ID, enabling S3 URLs with connection ID and credentials. The other connection details are fetched through the Trifacta application to create the required URL and configuration.

// sample URI

// sample java-vfs-service CURL request with s3
curl -H 'x-trifacta-person-workspace-id: 1' -X GET 'http://localhost:41917/vfsList?uri=s3://bucket-name/path/to/object?connectionId=136'


You can publish results to your external S3 buckets. Configure an output destination to write to your external S3 bucket.

  1. In Flow View, create or edit an output object. 
    1. To edit, right-click an output object. The object details are displayed in the Details panel.
  2. In the Details panel, click Edit.
  3. Modify the output destination to use the External S3 buckets connection.
  4. Navigate the bucket to select the appropriate location for the output. Specify the file as needed.
  5. To save your changes, click Update

For more information, see Create Outputs.


  1. Import a dataset from External Amazon S3.
  2. Add it to a flow and run a job, publishing results back to S3.

For more information, see Verify Operations.

This page has no comments.