Amazon S3 Connector Setup
The Amazon S3 connector lets Moveworks ingest data — such as user records or files — that is delivered to an Amazon S3 bucket. It is commonly used when a source system cannot expose a direct API, and data is instead delivered to Moveworks as files (for example, user records dropped into an S3 bucket).
Setting up the connector has two parts:
- Create the connector in Moveworks Setup — a quick, self-service step that registers an integration entry for your organization.
- Request the AWS folder and access from Moveworks — Moveworks provisions the S3 folder and the access details you use to deliver your data.
Create the S3 Connector in Moveworks Setup
Creating the connector in Moveworks Setup registers an integration entry for your organization. No credentials are required at this step.
Enter a unique connector name
Give the connector a unique name that is easy to identify (for example, s3_user_import). Use a name that reflects what the connector is used for.
Save the connector
Save to create the connector.
No credentials are required to create the S3 connector. Creating it here simply registers an integration entry for your organization — it does not move any data on its own. Data delivery is enabled once Moveworks provisions the AWS folder and access (see below).
Request AWS Folder Creation and Access from Moveworks
After the connector exists in Moveworks Setup, the AWS folder and the access used to deliver your data are provisioned by Moveworks.
Raise a Support Ticket for AWS Folder Creation and Access
The AWS folder and SFTP access cannot be created from Moveworks Setup — they are provisioned by Moveworks.
Before you raise the ticket, generate an SSH key pair. You share only the public key with Moveworks and keep the private key secure — you use it to connect to the SFTP server.
Raise a support ticket and include:
- The connector name you created in Moveworks Setup.
- Your SSH public key, so Moveworks can authorize your access to the SFTP server.
- The type of data you plan to deliver (for example, user records) and the expected delivery cadence.
Moveworks provisions the folder, authorizes your public key, and returns your SFTP connection details — host, port, username, and target directory.
Treat the access details as sensitive. Store them securely and share them only with the team members responsible for delivering data. To rotate or revoke access, raise a support ticket with Moveworks.
Deliver Your Data Files Over SFTP
After Moveworks provisions your folder and authorizes your public key, deliver your data files to the SFTP server using the connection details from the support ticket response.
Connect to the SFTP server
Connect with your SSH private key and the connection details Moveworks shared with you. The host and target directory are specific to your organization and region — your details look like the following:
Upload your data files
Upload your files to the target directory Moveworks provided. For user records, deliver a CSV that matches the expected schema.
Confirm the upload
Verify that the file appears in the target directory. Moveworks imports it on the configured crawl schedule — see Validation below to confirm it was read successfully.
Keep your private key secure and never share it with Moveworks — only the public key is required. To rotate your key, generate a new key pair and raise a support ticket with the new public key.
How It Works
Moveworks uses dedicated, per-customer Amazon S3 buckets as the data store. Each bucket is allocated to a single customer and encrypted with a unique key generated via AWS KMS, with all data encrypted at rest using AES-256.
The end-to-end flow is:
- You create the S3 connector in Moveworks Setup (registers the integration entry).
- Moveworks provisions the AWS folder and shares the access details with you.
- You deliver your data files to that folder over SFTP on an agreed cadence.
- Moveworks ingests the data on the configured crawl schedule, after which it is processed and indexed.
Validation
After your first file delivery, confirm that Moveworks is successfully reading the data:
- In Moveworks Setup, navigate to Core Platform > Data Crawling View.
- Locate the resource associated with your S3 connector and check the crawl health and the latest crawl run.
- If a run fails, use View Logs and the Error Summary to troubleshoot (commonly a file format or schema mismatch, or an empty file).
See the Data Crawling View guide for full details on monitoring and troubleshooting ingestion.
Frequently Asked Questions
Do I need credentials to create the S3 connector?
No. Creating the S3 connector in Moveworks Setup does not require credentials — it registers an integration entry for your organization. The access details used to deliver data are provided separately by Moveworks after you raise a support ticket.
Who creates the AWS S3 folder — me or Moveworks?
Moveworks. The folder lives in a dedicated, per-customer, KMS-encrypted bucket provisioned and managed by Moveworks. You request it by raising a support ticket; you do not need to create or own an AWS bucket.
How is my data secured?
Each customer is allocated a dedicated S3 bucket encrypted with a unique per-customer key via AWS KMS, with all data encrypted at rest using AES-256. The S3 connector follows the same security protocols as Moveworks’ other ingestion paths.
How do I deliver my data files to Moveworks?
You deliver files over SFTP using an SSH key pair. Generate the key pair, share your public key with Moveworks when you raise the support ticket, then connect to the SFTP server with your private key and upload files to the target directory Moveworks provides. See Deliver Your Data Files Over SFTP.
How do I rotate or revoke the access credentials?
Raise a support ticket with Moveworks to rotate or revoke the access credentials for your S3 folder.