roboto.domain.orgs.s3_integration#

Module Contents#

class roboto.domain.orgs.s3_integration.RegisterS3IntegrationRequest(/, **data)#

Bases: pydantic.BaseModel

Request payload to integrate an S3 bucket with Roboto.

Parameters:

data (Any)

account_id: str#

AWS account ID that owns the S3 bucket.

aws_region: str#

AWS region where the S3 bucket is located.

bucket_name: str#

Name of the S3 bucket to integrate.

org_id: str#

Organization ID to associate with this S3 integration.

readonly: bool = False#

Whether Roboto should have read-only access to the bucket.

transfer_accelerated: bool = False#

Whether to enable S3 Transfer Acceleration for faster uploads.

class roboto.domain.orgs.s3_integration.RegisterS3IntegrationResponse(/, **data)#

Bases: pydantic.BaseModel

Response payload containing S3 integration setup instructions.

Parameters:

data (Any)

iam_role_name: str#

Name of the IAM role to create for Roboto access.

iam_role_policy: dict[str, Any]#

IAM policy document to attach to the role.

iam_role_trust_relationship: dict[str, Any]#

IAM trust policy document for the role.

s3_bucket_cors_policy: list[dict[str, Any]]#

CORS policy to apply to the S3 bucket.

class roboto.domain.orgs.s3_integration.S3IntegrationService(roboto_client, sts_client=None, s3_client=None, iam_client=None)#

Service for integrating S3 buckets with Roboto organizations.

This service handles the setup of cross-account IAM roles and S3 bucket policies to allow Roboto to access customer S3 buckets for data storage and processing.

Parameters:

  • roboto_client (roboto.http.RobotoClient)

  • sts_client (Optional[Any])

  • s3_client (Optional[Any])

  • iam_client (Optional[Any])

register_bucket(org_id, account_id, bucket_name, transfer_accelerated=False, readonly=False)#

Register an S3 bucket for use with a Roboto organization.

This method sets up the necessary IAM roles and S3 bucket policies to allow Roboto to access the specified S3 bucket. The caller must have appropriate AWS credentials with permissions to create IAM roles and modify S3 bucket policies.

Parameters:

  • org_id (str) – Organization ID to associate with this S3 integration.

  • account_id (str) – AWS account ID that owns the S3 bucket.

  • bucket_name (str) – Name of the S3 bucket to integrate.

  • transfer_accelerated (bool) – Whether to enable S3 Transfer Acceleration.

  • readonly (bool) – Whether Roboto should have read-only access to the bucket.

Raises:

  • RobotoInvalidRequestException – AWS credentials are invalid or account ID mismatch.

  • ValueError – The specified bucket does not exist or is not owned by the account.

  • botocore.exceptions.ClientError – AWS API errors during setup.

Examples

Register a bucket for read-write access:

>>> from roboto.domain.orgs import S3IntegrationService
>>> from roboto import RobotoClient
>>> service = S3IntegrationService(RobotoClient())
>>> service.register_bucket(
...     org_id="org_12345",
...     account_id="123456789012",
...     bucket_name="my-data-bucket"
... )

Register a bucket with read-only access:

>>> service.register_bucket(
...     org_id="org_12345",
...     account_id="123456789012",
...     bucket_name="my-readonly-bucket",
...     readonly=True
... )
roboto.domain.orgs.s3_integration.logger#
On this page