Create an Amazon S3 bucket for Amazon MWAA - Amazon Managed Workflows for Apache Airflow
Before you beginCreate the bucketWhat's next?
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Create an Amazon S3 bucket for Amazon MWAA

This guide describes the steps to create an Amazon S3 bucket to store your Apache Airflow Directed Acyclic Graphs (DAGs), custom plugins in a plugins.zip file, and Python dependencies in a requirements.txt file.

Before you begin

  • The Amazon S3 bucket name can't be changed after you create the bucket. To learn more, see Rules for bucket naming in the Amazon Simple Storage Service User Guide.

  • An Amazon S3 bucket used for an Amazon MWAA environment must be configured to Block all public access, with Bucket Versioning enabled.

  • An Amazon S3 bucket used for an Amazon MWAA environment must be located in the same Amazon Region as an Amazon MWAA environment. To view a list of Amazon Regions for Amazon MWAA, see Amazon MWAA endpoints and quotas in the Amazon Web Services General Reference.

Create the bucket

This section describes the steps to create the Amazon S3 bucket for your environment.

To create a bucket

  1. Sign in to the Amazon Web Services Management Console and open the Amazon S3 console at https://console.amazonaws.cn/s3/.

  2. Choose Create bucket.

  3. In Bucket name, enter a DNS-compliant name for your bucket.

    The bucket name must:

    • Be unique across all of Amazon S3.

    • Be between 3 and 63 characters long.

    • Not contain uppercase characters.

    • Start with a lowercase letter or number.

    Important

    Avoid including sensitive information, such as account numbers, in the bucket name. The bucket name is visible in the URLs that point to the objects in the bucket.

  4. Choose an Amazon Region in Region. This must be the same Amazon Region as your Amazon MWAA environment.

    1. We recommend choosing a region close to you to minimize latency and costs and address regulatory requirements.

  5. Choose Block all public access.

  6. Choose Enable in Bucket Versioning.

  7. Optional - Tags. Add key-value tag pairs to identify your Amazon S3 bucket in Tags. For example, Bucket : Staging.

  8. Optional - Server-side encryption. You can optionally Enable one of the following encryption options on your Amazon S3 bucket.

    1. Choose Amazon S3 key (SSE-S3) in Server-side encryption to enable server-side encryption for the bucket.

    2. Choose Amazon Key Management Service key (SSE-KMS) to use an Amazon KMS key for encryption on your Amazon S3 bucket:

      1. Amazon managed key (aws/s3) - If you choose this option, you can either use an Amazon owned key managed by Amazon MWAA, or specify a Customer managed key for encryption of your Amazon MWAA environment.

      2. Choose from your Amazon KMS keys or Enter Amazon KMS key ARN - If you choose to specify a Customer managed key in this step, you must specify an Amazon KMS key ID or ARN. Amazon KMS aliases and multi-region keys are not supported by Amazon MWAA. The Amazon KMS key you specify must also be used for encryption on your Amazon MWAA environment.

  9. Optional - Advanced settings. If you want to enable Amazon S3 Object Lock:

    1. Choose Advanced settings, Enable.

      Important

      Enabling Object Lock will permanently allow objects in this bucket to be locked. To learn more, see Locking Objects Using Amazon S3 Object Lock in the Amazon Simple Storage Service User Guide.

    2. Choose the acknowledgement.

  10. Choose Create bucket.

What's next?