NannyML Cloud supports reading datasets directly from S3. To use this feature we recommend granting the IAM role associated with NannyML Cloud access to the S3 buckets containing your data. This will allow NannyML Cloud to access the S3 buckets you specify without having to provide access keys at runtime.

You can use the IAM policy below as a template for granting read access to specific S3 buckets. This example grants read-only access to the datasets bucket.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["s3:ListBucket"],
      "Resource": ["arn:aws:s3:::datasets"]
    },
    {
      "Effect": "Allow",
      "Action": ["s3:GetObject"],
      "Resource": ["arn:aws:s3:::datasets/*"]
    }
  ]
}

You would add this permission to the IAM role associated with your NannyML Cloud instance, e.g. via the IAM portal. Please refer to the AWS documentation about creating IAM policies and attaching IAM permissions for more information.