New Admins: Register for our new Pure Lecture Series!
Pure's logos
Pure Help Center for Pure Administrators

If you are a researcher, or other non-admin at your institution, click here.

  • Home
  • Announcements
  • Release Notes
  • Technical user guides
  • Training
  • Events
  • Support
  • Contact Us
  • Home
  • Training
  • Technical user guides
  • Pure installation and upgrade guide (self-hosted customers only)

How Can We Help?

Search Results

Filter By Category

Contact Us

If you still have questions or prefer to get help directly from an agent, please submit a request.
We’ll get back to you as soon as possible.

Contact us

Amazon S3Amazon S3

The Amazon S3 connector can be used to store files uploaded to Pure in a S3 bucket. This connector is capable of being the default storage location.

Client configuration

Bucket

The name of the S3 bucket to use.

Region

The region where the S3 bucket resides. If Default Region is selected, the connector will use the region configured in the environment. 

Access keys

The credentials by the connector to access the S3 bucket. If no keys are specified in the configuration, the connector will try to obtain the credentials from the environment.

Encryption

Server side encryption

When uploading files Pure can request that the files uploaded to S3 are stored encrypted to protect the data at rest.

The following options are available:

Encryption Description
None No encryption is specified when uploading files. If the bucket is configured with a default encryption it will be used.
SSE-S3 Use Amazon S3 managed encryption keys to protect the data.
SSE-KMS Encrypt data with a KSM-Managed key.

Obtaining connector configuration from the environment

Instead of configuring the access keys and region directly in the configuration, they can instead be configured outside Pure.

See Working with AWS Credentials for information on how to set up the environment.

Amazon S3 configuration

The S3 bucked should have versioning enabled.

To avoid wasting space on deleted files we recommend setting up a lifecycle rule to permanently delete previous versions of files after a number of days (for example 180 days). 

In order to function properly the S3 user needs permission to perform the following operations:

Object policy:

  s3:PutObject, s3:GetObject, s3:DeleteObject, s3:GetObjectVersion

Bucket policy:

  s3:ListBucket, s3:GetBucketVersioning, s3:ListBucketVersions

 

Below is an example bucket policy configuration that grants the minimum required permissions to the pure user.

{
    "Version": "2012-10-17",
    "Id": "PureAccessPolicy",
    "Statement": [
        {
            "Sid": "ObjectPolicy",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::XXXXXXXXXXXX:user/pure"
            },
            "Action": [
                "s3:PutObject",
                "s3:GetObject",
                "s3:DeleteObject",
                "s3:GetObjectVersion"
            ],
            "Resource": "arn:aws:s3:::<BUCKET>/files/*"
        },
        {
            "Sid": "BucketPolicy",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::XXXXXXXXXXXX:user/pure"
            },
            "Action": [
                "s3:ListBucket",
                "s3:GetBucketVersioning",
                "s3:ListBucketVersions"
            ],
            "Resource": "arn:aws:s3:::<BUCKET>"
        }
    ]
}

Published at November 09, 2023

Download
Table of Contents
  1. Client configuration
  2. Bucket
  3. Region
  4. Access keys
  5. Encryption
  6. Server side encryption
  7. Obtaining connector configuration from the environment
  8. Amazon S3 configuration
Related Articles
  • Upgrading Pure
  • Pure Mount points
  • Pure Backup
  • Pure maintenance mode (upgrade)
Keywords
  • remote storage
  • cloud storage

Was this article helpful?

Yes
No
Give feedback about this article

    About Pure

  • Announcements

    Additional Support

  • Events
  • Client Community
  • Training

    Need Help?

  • Contact Us
  • Submit a Support Case
  • My Cases
  • Linkedin
  • Twitter
  • Facebook
  • Youtube
Elsevier logo Relx logo

Copyright © 2025 Elsevier, except certain content provided by third parties.

  • Terms & Conditions Terms & Conditions
  • Privacy policyPrivacy policy
  • AccesibilityAccesibility
  • Cookie SettingsCookie Settings
  • Log in to Pure Help CenterLog in to Helpjuice Center

Knowledge Base Software powered by Helpjuice

Expand