IntegrationsCloud StorageAmazon S3

Amazon S3

Datafly Signal delivers events to Amazon S3 buckets for durable object storage, data lake architectures, and downstream analytics with tools like Athena, Spark, and Presto.

Prerequisites

Before configuring Amazon S3 in Signal, you need an AWS account with an S3 bucket and an IAM user with write permissions.

Create an AWS Account

If you don’t already have one, sign up at aws.amazon.com.

Create an S3 Bucket

  1. Open the S3 console.
  2. Click Create bucket.
  3. Enter a Bucket name (e.g. datafly-events-production). Bucket names must be globally unique.
  4. Select the AWS Region closest to your Signal deployment.
  5. Leave Block Public Access settings enabled (recommended).
  6. Optionally enable Bucket Versioning for data protection.
  7. Click Create bucket.

Choose a region close to your Signal infrastructure to minimise latency and data transfer costs.

Create an IAM User for Signal

  1. Open the IAM console.
  2. Go to Users > Create user.
  3. Enter a username (e.g. datafly-signal-s3).
  4. Attach a custom policy:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "s3:PutObject"
      ],
      "Resource": "arn:aws:s3:::datafly-events-production/*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "s3:GetBucketLocation"
      ],
      "Resource": "arn:aws:s3:::datafly-events-production"
    }
  ]
}
  1. Replace the bucket name with your value.

Generate Access Keys

  1. On the IAM user detail page, go to Security credentials.
  2. Under Access keys, click Create access key.
  3. Select Application running outside AWS.
  4. Copy the Access Key ID and Secret Access Key immediately — the secret is only shown once.
⚠️

Store these credentials securely. If you lose the secret access key, you must create a new key pair.

Configuration

FieldTypeRequiredDescription
bucket_namestringYesThe name of the S3 bucket where event files will be written.
regionselectYesThe AWS region where your S3 bucket is located.
access_key_idsecretYesThe AWS access key ID with write permissions to the target bucket.
secret_access_keysecretYesThe AWS secret access key associated with the access key ID.
prefixstringNoOptional prefix (folder path) prepended to all object keys. Include a trailing slash (e.g. events/).
file_formatselectYesThe output file format: json (newline-delimited JSON) or parquet.

Signal Setup

Quick Setup

  1. Navigate to Integrations in the sidebar.
  2. Open the Integration Library tab.
  3. Find Amazon S3 or filter by Cloud Storage.
  4. Click Install, select a variant if available, and fill in the required fields.
  5. Click Install Integration to create the integration with a ready-to-use default blueprint.

API Setup

curl -X POST http://localhost:8084/v1/admin/integration-catalog/amazon_s3/install \
  -H "Authorization: Bearer YOUR_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Amazon S3",
    "variant": "default",
    "config": {
      "bucket_name": "datafly-events-production",
      "region": "us-east-1",
      "access_key_id": "AKIAIOSFODNN7EXAMPLE",
      "secret_access_key": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
      "prefix": "events/",
      "file_format": "json"
    },
    "delivery_mode": "server_side"
  }'

Testing

  1. Enable the integration in Signal and trigger a test event on your website.
  2. Open the S3 console and navigate to your bucket.
  3. Browse to the prefix path and verify that event files are appearing.
  4. Download a file and inspect the contents to confirm the event data is correct.
  5. In Signal, check the Live Events view to confirm delivery status shows as successful.

Troubleshooting

ProblemSolution
Events not appearing in S3Verify the bucket name, region, and prefix are correct. Check that the bucket exists.
AccessDeniedThe IAM user lacks s3:PutObject permission on the bucket. Update the IAM policy.
NoSuchBucketThe bucket does not exist. Verify the bucket name (names are case-sensitive and globally unique).
InvalidAccessKeyIdThe access key ID is incorrect or the IAM user has been deleted. Verify credentials.
SignatureDoesNotMatchThe secret access key is incorrect. Regenerate the access key pair.
Files appearing but emptyCheck the batch settings. Events are buffered before flushing to files.
Wrong region errorS3 bucket region must match the region config field. Check the bucket’s actual region in the S3 console.

Visit Amazon S3 documentation for full API reference, lifecycle policies, and cost optimisation guides.

Amazon KinesisAzure Blob Storage