S3 Parameters

Use the following parameters to configure reading from S3 file systems and on-premise storage with S3-compatible APIs, such as Pure Storage, using COPY FROM. For more information about reading data from S3, see Specifying COPY FROM Options.

For the parameters to control the AWS Library (UDSource), see Configure the Vertica Library for Amazon Web Services.

When using AWS, using ALTER SESSION to change these parameters also changes the corresponding parameters for the AWS Library (UDSource).

Query system table CONFIGURATION_PARAMETERS to determine what levels (node, session, database) are valid for a given parameter.

Parameter Description
AWSAuth

An ID and secret key for authentication. For extra security, do not store credentials in the database; use ALTER SESSION…SET PARAMETER to set this value for the current session only. If you use a shared credential, you can set it in the database with ALTER DATABASE…SET PARAMETER. For example:

=> ALTER SESSION SET AWSAuth='ID:secret';

AWS calls these AccessKeyID and SecretAccessKey.

To use admintools create_db or revive_db for Eon Mode on-premise, create a configuration file called auth_params.conf with these settings:

awsauth = key:secret
awsendpoint = IP:port
AWSCAFile

The file name of the TLS server certificate bundle to use. You must set a value when installing a CA certificate on a SUSE Linux Enterprise Server. For example:

=> ALTER DATABASE DEFAULT SET AWSCAFile = '/etc/ssl/ca-bundle.pem';

Default: System-dependent
AWSCAPath

The path Vertica uses to look up TLS server certificates. You must set a value when installing a CA certificate on a SUSE Linux Enterprise Server. For example:

=> ALTER DATABASE DEFAULT SET AWSCAPath = '/etc/ssl/';

Default: system-dependent
AWSEnableHttps

Whether to use the HTTPS protocol when connecting to S3. If you choose not to use TLS, this parameter must be set to 0.

Default: 1 (enabled)
AWSEndpoint

The endpoint to use when interpreting S3 URLs.

To set the endpoint in AWS, do not include http(s)://. Include only the hostname or the IP address:port number.

To use Eon Mode with an on-premise storage option like Pure Storage, you must set this parameter to the IP address of your Pure Storage server.

To use admintools create_db or revive_db for Eon Mode on-premise, create a configuration file called auth_params.conf with these settings:

awsauth = key:secret
awsendpoint = IP:port

Default: s3.amazonaws.com
AWSLogLevel

The log level, one of the following:

  • OFF
  • FATAL
  • ERROR
  • WARN
  • INFO
  • DEBUG
  • TRACE

Default: ERROR
AWSRegion

The AWS region containing the S3 bucket from which to read files. This parameter can only be configured with one region at a time. If you need to access buckets in multiple regions, change the parameter each time you change regions.

If you do not set the correct region, you might experience a delay before queries fail because Vertica retries several times before giving up.

Default: us-east-1
AWSSessionToken

A temporary security token generated by running the get-session-token command, which generates temporary credentials you can use to configure multi-factor authentication.

If you use session tokens, you must set all parameters at the session level, even if some of them are set at the database level. Use ALTER SESSION to set session parameters.

Default: no default.
S3EnableVirtualAddressing

Whether to rewrite S3 URLs to use virtual-hosted paths. For example, if you use AWS, the S3 URLs change to bucketname.s3.amazonaws.com instead of s3.amazonaws.com/bucketname.

The value of this parameter does not affect how you specify S3 paths.

Default: 0 (disabled)