Skip to main content

CREATE CONNECTION

Introduced or updated: v1.2.339

Creates a connection to external storage.

warning

IMPORTANT: When objects (stages, tables, etc.) use a connection, they copy and store the connection's parameters permanently. If you later modify the connection using CREATE OR REPLACE CONNECTION, existing objects will continue using the old parameters. To update objects with new connection parameters, you must drop and recreate those objects.

Syntax

CREATE [ OR REPLACE ] CONNECTION [ IF NOT EXISTS ] <connection_name> 
STORAGE_TYPE = '<type>'
[ <storage_params> ]
ParameterDescription
STORAGE_TYPEType of storage service. Possible values include: s3, azblob, gcs, oss, and cos.
storage_paramsVary based on storage type and authentication method. See details below for common authentication methods.

For other storage types and additional parameters, see Connection Parameters for details.

Authentication Methods for Amazon S3

Databend supports two primary authentication methods for Amazon S3 connections:

1. Access Keys Authentication

Use AWS access keys for authentication. This is the traditional method using an access key ID and secret access key.

CREATE CONNECTION <connection_name> 
STORAGE_TYPE = 's3'
ACCESS_KEY_ID = '<your-access-key-id>'
SECRET_ACCESS_KEY = '<your-secret-access-key>';
ParameterDescription
ACCESS_KEY_IDYour AWS access key ID.
SECRET_ACCESS_KEYYour AWS secret access key.

2. IAM Role Authentication

Use AWS IAM roles for authentication instead of access keys. This provides a more secure way to access your S3 buckets without managing credentials directly in Databend.

CREATE CONNECTION <connection_name> 
STORAGE_TYPE = 's3'
ROLE_ARN = '<your-role-arn>';
ParameterDescription
ROLE_ARNThe Amazon Resource Name (ARN) of the IAM role that Databend will assume to access your S3 resources.

Examples

Using Access Keys

This example creates a connection to Amazon S3 named 'toronto' and establishes an external stage named 'my_s3_stage' linked to the 's3://databend-toronto' URL, using the 'toronto' connection. For more practical examples about connection, see Usage Examples.

CREATE CONNECTION toronto 
STORAGE_TYPE = 's3'
SECRET_ACCESS_KEY = '<your-secret-access-key>'
ACCESS_KEY_ID = '<your-access-key-id>';

CREATE STAGE my_s3_stage
URL = 's3://databend-toronto'
CONNECTION = (CONNECTION_NAME = 'toronto');

Using AWS IAM Role

This example creates a connection to Amazon S3 using an IAM role and then creates a stage that uses this connection. This approach is more secure as it doesn't require storing access keys in Databend.

CREATE CONNECTION databend_test 
STORAGE_TYPE = 's3'
ROLE_ARN = 'arn:aws:iam::987654321987:role/databend-test';

CREATE STAGE databend_test
URL = 's3://test-bucket-123'
CONNECTION = (CONNECTION_NAME = 'databend_test');

-- You can now query data from your S3 bucket
SELECT * FROM @databend_test/test.parquet LIMIT 1;
info

To use IAM roles with Databend Cloud, you need to set up a trust relationship between your AWS account and Databend Cloud. See Creating External Stage with AWS IAM Role for detailed instructions.

Explore Databend Cloud for FREE
Low-cost
Fast Analytics
Easy Data Ingestion
Elastic Scaling
Try it today