S3 file system support#
Trino includes a native implementation to access Amazon S3 and compatible storage systems with a catalog using the Delta Lake, Hive, Hudi, or Iceberg connectors.
Enable the native implementation with fs.native-s3.enabled=true in your
catalog properties file.
General configuration#
Use the following properties to configure general aspects of S3 file system support:
| Property | Description | 
|---|---|
| 
 | Activate the native implementation for S3 storage support, and deactivate
all legacy support. Defaults to  | 
| 
 | Required endpoint URL for S3. | 
| 
 | Required region name for S3. | 
| 
 | Use path-style access for all requests to S3 | 
| 
 | Canned ACL
to use when uploading files to S3. Defaults to  | 
| 
 | Set the type of S3 server-side encryption (SSE) to use. Defaults to  | 
| 
 | The identifier of a key in KMS to use for SSE. | 
| 
 | Part size for S3 streaming upload. Values between  | 
| 
 | Switch to activate billing transfer cost to the requester. Defaults to
 | 
| 
 | Maximum number of connections to S3.  Defaults to  | 
| 
 | Maximum time duration allowed to reuse connections in the connection pool before being replaced. | 
| 
 | Maximum time duration allowed for connections to remain idle in the connection pool before being closed. | 
| 
 | Maximum time duration allowed for socket connection requests to complete before timing out. | 
| 
 | Maximum time duration for socket read operations before timing out. | 
| 
 | Enable TCP keep alive on created connections. Defaults to  | 
| 
 | URL of a HTTP proxy server to use for connecting to S3. | 
| 
 | Set to  | 
| 
 | Proxy username to use if connecting through a proxy server. | 
| 
 | Proxy password to use if connecting through a proxy server. | 
| 
 | Hosts list to access without going through the proxy server. | 
| 
 | Whether to attempt to authenticate preemptively against proxy server
when using base authorization, defaults to  | 
| 
 | Specifies how the AWS SDK attempts retries. Default value is  | 
| 
 | Specifies maximum number of retries the client will make on errors.
Defaults to  | 
| 
 | Set to  | 
Authentication#
Use the following properties to configure the authentication to S3 with access and secret keys, STS, or an IAM role:
| Property | Description | 
|---|---|
| 
 | AWS access key to use for authentication. | 
| 
 | AWS secret key to use for authentication. | 
| 
 | The endpoint URL of the AWS Security Token Service to use for authenticating to S3. | 
| 
 | AWS region of the STS service. | 
| 
 | ARN of an IAM role to assume when connecting to S3. | 
| 
 | Role session name to use when connecting to S3. Defaults to
 | 
| 
 | External ID for the IAM role trust policy when connecting to S3. |