---
title: "S3 Configuration"
slug: "s3-configuration"
updated: 2026-01-12T16:36:28Z
published: 2026-01-12T16:36:28Z
---

# S3 Configuration

> **Who can use this**: Tech admin **Available on**: Data Cloud

## **How the S3 destination works**

Once you set up your S3 destination in Gong Data Cloud, all of your available Gong data will be pushed to your destination and kept in sync via regular (daily) updates.

Data transferred to S3 will be loaded as Apache Parquet files in Apache Hive style partitions. This means data will appear in the following folder structure:

#### **Path template**

```
<bucket_name>/<folder_name>/<model_name>/dt=<transfer_date>/<file_part>_<transfer_timestamp>.parquet
```

#### **Path example**

```
gong_data_cloud_bucket/gong_data_cloud_folder/conversations/dt=2025-01-01/0.2025010
```

Where:

- `<bucket_name>` and `<folder_name>` are provided during destination configuration.
- `<model_name>` is the name of the data model being transferred (this is equivalent to a table name in relational data destinations).
- `<transfer_date>` and `<transfer_timestamp>` are generated at transfer time and based on the transfer's start time. `<transfer_date>` is of the form 2025-01-01, while `<transfer_timestamp>` is of the form 20250101000000.
- `<file_part>` is a monotonically increasing integer for a given timestamp, and does not carry any special meaning.

| 📘 What are Apache Hive style partitions and Apache Parquet file format? |
| --- |
| **Apache Hive style partitions** are compatible with most popular query engines, and should make data easily queryable and transportable. **Apache Parquet file format** is an open source, column-oriented data file format that offers efficient data compression and data integrity. |

## **Prerequisites**

- By default, S3 authentication uses *role-based access*. You will need the trust policy prepopulated with the Gong AWS ARN and your ExternalId to grant access.
  - The **Custom trust policy** is:

```
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::655275192472:role/gpe-us-01-1-c1-app-prequel"
            },
            "Action": "sts:AssumeRole",
            "Condition": {
                "StringEquals": {
                    "sts:ExternalId": "<gong_external_id>"
                }
            }
        }
    ]
}
```

Where:

- `gong_external_id` is a unique ID assigned to every Gong account. You can find your unique ID in the S3 connection form in the Gong app.
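Before attaching the trust policy to a role, it can be checked that only the Gong principal may assume the role and that the `sts:ExternalId` condition is present and no longer the placeholder. The following is an added example, not Gong's or AWS's own code; `audit_trust_policy` and `page_policy` are hypothetical names and the ExternalId value is constructed.

```python
# Principal ARN and placeholder text are taken from the trust policy on this page.
GONG_PRINCIPAL = "arn:aws:iam::655275192472:role/gpe-us-01-1-c1-app-prequel"
PLACEHOLDER = "<gong_external_id>"


def _as_list(value):
    """IAM accepts a single string wherever it accepts a list."""
    return value if isinstance(value, list) else [value]


def audit_trust_policy(policy, expected_principal=GONG_PRINCIPAL):
    """Return findings for a role trust policy; an empty list means it passed."""
    findings = []
    for i, stmt in enumerate(_as_list(policy.get("Statement", []))):
        actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
        if stmt.get("Effect") != "Allow" or not {"sts:assumerole", "sts:*", "*"} & set(actions):
            continue  # only statements that let someone assume the role matter here
        principal = stmt.get("Principal", {})
        arns = _as_list(principal.get("AWS", [])) if isinstance(principal, dict) else [principal]
        for arn in arns:
            if arn != expected_principal:
                findings.append(f"Statement[{i}]: unexpected principal {arn!r}")
        # Compare the condition key name case-insensitively.
        string_equals = stmt.get("Condition", {}).get("StringEquals", {})
        ext = {k.lower(): v for k, v in string_equals.items()}.get("sts:externalid")
        if ext is None:
            findings.append(f"Statement[{i}]: no StringEquals condition on sts:ExternalId")
        elif any(v in ("", PLACEHOLDER) for v in _as_list(ext)):
            findings.append(f"Statement[{i}]: sts:ExternalId is empty or still the placeholder")
    return findings


def page_policy(external_id):
    """Build the page's trust policy with the given ExternalId filled in."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": GONG_PRINCIPAL},
            "Action": "sts:AssumeRole",
            "Condition": {"StringEquals": {"sts:ExternalId": external_id}},
        }],
    }


if __name__ == "__main__":
    print(audit_trust_policy(page_policy("constructed-example-id")))  # constructed value
    print(audit_trust_policy(page_policy(PLACEHOLDER)))
```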

## **Step 1: Set up destination S3 bucket**

### **Create bucket**

1. Navigate to the **S3** service page.
2. Click **Create bucket**.
3. Enter a **Bucket name** and modify any of the default settings as desired. Note: **Object Ownership** can be set to "ACLs disabled" and **Block Public Access settings for this bucket** can be set to "Block all public access" as recommended by AWS. Make note of the **Bucket name** and **AWS Region**.
4. Click **Create bucket**.

## **Step 2: Create policy and IAM role**

### **Create policy**

1. Navigate to the **IAM** service page.
2. Navigate to the **Policies** navigation tab, and click **Create policy**.
3. Click the **JSON** tab, and paste the following policy, being sure to replace `BUCKET_NAME` with the name of the bucket chosen in Step 1.

```
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": ["s3:PutObject", "s3:DeleteObject"],
            "Resource": "arn:aws:s3:::BUCKET_NAME/*"
        }
    ]
}
```

| 📘 Understanding the s3:DeleteObject requirement |
| --- |
| By default, a connection test is performed against the destination during initial configuration and `s3:DeleteObject` is required to clean up test artifacts. Once the test has been performed successfully and the destination added, this action can be safely removed, as S3 destinations are append-only by default. |

4. Click **Next: Tags**, then click **Next: Review**.
5. Name the policy, add a description, and click **Create policy**.
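Once the connection test has succeeded, the policy can be reduced to its append-only form as the note on `s3:DeleteObject` describes. The following is an added example, not code from Gong or AWS; `make_append_only` is a hypothetical helper that removes the explicit grant and reports any wildcard action that would still allow deletes.

```python
import copy
from fnmatch import fnmatchcase

TARGET = "s3:deleteobject"  # compared in lower case; IAM action names are case-insensitive


def _as_list(value):
    """IAM accepts a single string wherever it accepts a list."""
    return value if isinstance(value, list) else [value]


def make_append_only(policy):
    """Return (tightened_policy, warnings) with s3:DeleteObject removed."""
    tightened, warnings, kept = copy.deepcopy(policy), [], []
    for stmt in _as_list(tightened.get("Statement", [])):
        if stmt.get("Effect") == "Allow" and "Action" in stmt:
            actions = []
            for action in _as_list(stmt["Action"]):
                if action.lower() == TARGET:
                    continue  # the explicit grant the page says can be removed
                if fnmatchcase(TARGET, action.lower()):
                    # A wildcard such as s3:* still allows deletes; report it.
                    warnings.append(f"{action} still permits s3:DeleteObject")
                actions.append(action)
            if not actions:
                continue  # statement granted only DeleteObject, so drop it
            stmt["Action"] = actions
        kept.append(stmt)
    tightened["Statement"] = kept
    return tightened, warnings


# The permissions policy from this page; BUCKET_NAME is the page's placeholder.
PAGE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["s3:PutObject", "s3:DeleteObject"],
        "Resource": "arn:aws:s3:::BUCKET_NAME/*",
    }],
}

if __name__ == "__main__":
    import json
    policy, notes = make_append_only(PAGE_POLICY)
    print(json.dumps(policy, indent=4))
    print(notes)
```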

### **Create role**

1. Navigate to the **IAM** service page.
2. Navigate to the **Roles** navigation tab, and click **Create role**.
3. Select **Custom trust policy** and paste the provided trust policy to allow AssumeRole access to the new role. Click **Next**.
4. Add the permissions policy created above, and click **Next**.
5. Enter a Role name, for example, `transfer-role`, and click **Create role**.
6. Once successfully created, search for the created role in the Roles list, click the role name, and make a note of the **ARN** value.

| 📘 Alternative authentication method: AWS User with HMAC Access Key ID & Secret Access Key |
| --- |
| Role-based authentication is the preferred authentication mode for S3 based on AWS recommendations. However, HMAC Access Key ID & Secret Access Key is an alternative authentication method that can be used if preferred. (1) Navigate to the **IAM** service page. (2) Navigate to the **Users** navigation tab, and click **Add users**. (3) Enter a **User name** for the service, for example, `transfer-service`, and click **Next**. (4) Under **Select AWS access type**, select the **Access key - Programmatic access** option. Click **Next: Permissions**. (5) Click the **Attach existing policies directly** option, and search for the name of the policy created in the previous step. Select the policy, and click **Next: Tags**. (6) Click **Next: Review** and click **Create user**. (7) In the Success screen, record the **Access key ID** and the **Secret access key**. |

## **Step 3: Add your destination**

Once you have configured S3, use the fields to set up the connection in Gong:

1. In Gong, go to **Admin center** > **Settings** > **Data Cloud** > **Data cloud settings**.
2. Select **S3**.
3. Enter the following details:
  - **Folder**
  - **IAM role ARN**
  - **Bucket name**
  - **Bucket region**
  - **S3 admin email**
4. Click **Connect**.

