Skip to main content
A Job can read its input set from an S3 bucket and write its assembled results back to one. Both directions are wired through a single bucket policy that grants Nimble’s IAM principal access to specific prefixes. Nimble does not assume a role in the customer account. Use Test Connection in the Job form to verify the policy before saving the job.

Nimble’s IAM principal

Every Job runs under a single IAM user:
Use this ARN as the Principal in the bucket policy.

Required permissions

s3:AbortMultipartUpload and s3:ListMultipartUploadParts are required because large output files are written in parts. If an upload fails mid-way, Nimble aborts the incomplete multipart upload so partial bytes do not accumulate in the bucket.
s3:DeleteObject is not requested. Nimble never deletes files in the bucket - including the connection-test probe described below.

Bucket policy template

Replace YOUR_BUCKET with the bucket name. Adjust the input/ and output/ prefixes to match the paths used in the Job form.

Applying the policy

1

Open the bucket

In the AWS Console, open S3 and click the bucket Nimble should access.
2

Edit the bucket policy

Open the Permissions tab. Click Edit under Bucket policy.
3

Paste the template

Paste the JSON above. Replace YOUR_BUCKET and the prefixes. Save changes.
4

Verify in Nimble

Open the Job form. Paste the s3://... path and click Test Connection. A green chip confirms the policy is correct.
Keep Block Public Access enabled. The policy grants access only to Nimble’s IAM user, not to the public.

Test Connection - what it does

The write test leaves an empty .nimble-connection-test file under the output prefix. The file is not deleted - the policy does not grant s3:DeleteObject, so cleanup is not possible. The key is deterministic, so repeated tests overwrite the same object. At most one residue file per output prefix. Remove it manually at any time.

Interpreting the result

All connections

Browse every Job storage connector.
https://mintcdn.com/nimble-f5a8283f/xHR1kINYho_Fqe-s/images/icons/databricks.svg?fit=max&auto=format&n=xHR1kINYho_Fqe-s&q=85&s=1a405a4f3e0fb5d7b3e9d1b8fd5607ff

Databricks

Connect a Job via Delta Sharing instead.