Nimble’s IAM principal
Every Job runs under a single IAM user:Principal in the bucket policy.
Required permissions
s3:AbortMultipartUpload and s3:ListMultipartUploadParts are required because large output files are written in parts. If an upload fails mid-way, Nimble aborts the incomplete multipart upload so partial bytes do not accumulate in the bucket.
s3:DeleteObject is not requested. Nimble never deletes files in the bucket - including the connection-test probe described below.Bucket policy template
ReplaceYOUR_BUCKET with the bucket name. Adjust the input/ and output/ prefixes to match the paths used in the Job form.
Applying the policy
1
Open the bucket
In the AWS Console, open S3 and click the bucket Nimble should access.
2
Edit the bucket policy
Open the Permissions tab. Click Edit under Bucket policy.
3
Paste the template
Paste the JSON above. Replace
YOUR_BUCKET and the prefixes. Save changes.4
Verify in Nimble
Open the Job form. Paste the
s3://... path and click Test Connection. A green chip confirms the policy is correct.Test Connection - what it does
The write test leaves an empty
.nimble-connection-test file under the output prefix. The file is not deleted - the policy does not grant s3:DeleteObject, so cleanup is not possible. The key is deterministic, so repeated tests overwrite the same object. At most one residue file per output prefix. Remove it manually at any time.Interpreting the result
Related
All connections
Browse every Job storage connector.
Databricks
Connect a Job via Delta Sharing instead.