Create an Amazon S3 bucket for Amazon MWAA

This guide describes the steps to create an Amazon S3 bucket to store your Apache Airflow Directed Acyclic Graphs (DAGs), custom plugins in a plugins.zip file, and Python dependencies in a requirements.txt file.

Contents

• Before you begin
• Create the bucket
• What's next?

Before you begin

• The Amazon S3 bucket name can't be changed after you create the bucket. To learn more, see Rules for bucket naming in the Amazon Simple Storage Service User Guide.

• An Amazon S3 bucket used for an Amazon MWAA environment must be configured to Block all public access, with Bucket Versioning enabled.

• An Amazon S3 bucket used for an Amazon MWAA environment must be located in the same AWS Region as an Amazon MWAA environment. To view a list of AWS Regions for Amazon MWAA, see Amazon MWAA endpoints and quotas in the AWS General Reference.

Create the bucket

This section describes the steps to create the Amazon S3 bucket for your environment.

To create a bucket

1. Sign in to the AWS Management Console and open the Amazon S3 console at https://console.aws.amazon.com/s3/.

2. Choose Create bucket.

3. In Bucket name, enter a DNS-compliant name for your bucket.

   The bucket name must:

   • Be unique across all of Amazon S3.

   • Be between 3 and 63 characters long.

   • Not contain uppercase characters.

   • Start with a lowercase letter or number.

   Important

   Avoid including sensitive information, such as account numbers, in the bucket name. The bucket name is visible in the URLs that point to the objects in the bucket.

4. Choose an AWS Region in Region. This must be the same AWS Region as your Amazon MWAA environment.

   1. We recommend choosing a region close to you to minimize latency and costs and address regulatory requirements.

5. Choose Block all public access.

6. Choose Enable in Bucket Versioning.

7. Optional - Tags. Add key-value tag pairs to identify your Amazon S3 bucket in Tags. For example, Bucket : Staging.

8. Optional - Server-side encryption. You can optionally Enable one of the following encryption options on your Amazon S3 bucket.

   1. Choose Amazon S3 key (SSE-S3) in Server-side encryption to enable server-side encryption for the bucket.

   2. Choose AWS Key Management Service key (SSE-KMS) to use an AWS KMS key for encryption on your Amazon S3 bucket:

      1. AWS managed key (aws/s3) - If you choose this option, you can either use an AWS owned key managed by Amazon MWAA, or specify a Customer managed key for encryption of your Amazon MWAA environment.

      2. Choose from your AWS KMS keys or Enter AWS KMS key ARN - If you choose to specify a Customer managed key in this step, you must specify an AWS KMS key ID or ARN. AWS KMS aliases and multi-region keys are not supported by Amazon MWAA. The AWS KMS key you specify must also be used for encryption on your Amazon MWAA environment.

9. Optional - Advanced settings. If you want to enable Amazon S3 Object Lock:

   1. Choose Advanced settings, Enable.

      Important

      Enabling Object Lock will permanently allow objects in this bucket to be locked. To learn more, see Locking Objects Using Amazon S3 Object Lock in the Amazon Simple Storage Service User Guide.

   2. Choose the acknowledgement.

10. Choose Create bucket.

What's next?

• Learn how to create the required Amazon VPC network for an environment in Create the VPC network.

• Learn how to how to manage access permissions in How do I set ACL bucket permissions?

• Learn how to delete a storage bucket in How do I delete an S3 Bucket?.