1. Data integration
  2. Anaplan data integration tools
  3. CloudWorks
  4. Create a Cloudworks connection
  5. Set your AWS S3 bucket
  6. Set bucket for a specific IAM role

You can restrict bucket access by setting it to a specific IAM role.

To set your bucket for a specific IAM role, follow the configuration steps below.

  1. Create a new IAM user, if required.
    Note: the IAM user can also be from a service account.
  2. Create an IAM Role(opens external page) if you do not already have one.
  3. Associate the IAM user with IAM Role.
  4. Create the bucket policy. The policy sets read/write access at the S3 bucket level.
  5. Associate the IAM Role with bucket policy.
    Note: this corresponds to the Role ARN step in Edit a connection.
  6. Generate keys for the IAM user, not the root level. You need both an access key ID(opens external page) and a secret access key.
  7. As shown in the screenshot below, enter the:
    •  Access key ID
    • Secret access key and
    • Role ARN for the IAM user when you create a new connection. 
Connect to a service.


We may update our documentation occasionally, but will only do so in a way that does not negatively affect the features and functionality of the Anaplan service.