Sign inTry Free

Connect to AWS S3 Bucket from SingleStore

On this page

Overview

SingleStore Helios workspaces deployed in AWS regions securely connect to Amazon S3 buckets using AWS gateway endpoints. These connections remain within the internal AWS network, which eliminates the exposure to the public internet.

For more information on how to load data from AWS S3 using pipelines, refer to Load Data from Amazon Web Services (AWS) S3.

How It Works

SingleStore preconfigures AWS gateway endpoints in its AWS environments. These endpoints provide private and optimized connectivity to Amazon S3 for buckets located in the same region as the Helios workspace.

When an S3 bucket is referenced using the LOAD DATA command, SingleStore initiates an outbound connection. If the bucket is in the same AWS region as the workspace, traffic is automatically routed through the gateway endpoint, which ensures the connection stays within the AWS network.

If the S3 bucket is in a different region than your Helios workspace, the traffic may be routed over the public internet.

Requirements

To take advantage of gateway endpoint routing, ensure the following:

  • The S3 bucket is located in the same AWS region as your Helios workspace.

  • Use the following to access the S3 bucket:

    • IAM policy

    • AWS credentials

    Refer to Load Data from Amazon Web Services (AWS) S3 for more information on IAM policy and AWS credentials.

Last modified: July 25, 2025

Was this article helpful?

On this page

Was this article helpful?

Verification instructions

Note: You must install cosign to verify the authenticity of the SingleStore file.

Use the following steps to verify the authenticity of singlestoredb-server, singlestoredb-toolbox, singlestoredb-studio, and singlestore-client SingleStore files that have been downloaded.

You may perform the following steps on any computer that can run cosign, such as the main deployment host of the cluster.

  1. (Optional) Run the following command to view the associated signature files.

    curl undefined

  2. Download the signature file from the SingleStore release server.

    • Option 1: Click the Download Signature button next to the SingleStore file.

    • Option 2: Copy and paste the following URL into the address bar of your browser and save the signature file.

    • Option 3: Run the following command to download the signature file.

      curl -O undefined

  3. After the signature file has been downloaded, run the following command to verify the authenticity of the SingleStore file.

    echo -n undefined |
        cosign verify-blob --certificate-oidc-issuer https://oidc.eks.us-east-1.amazonaws.com/id/CCDCDBA1379A5596AB5B2E46DCA385BC \
          --certificate-identity https://kubernetes.io/namespaces/freya-production/serviceaccounts/job-worker \
          --bundle undefined \
          --new-bundle-format -
    Verified OK