> ## Documentation Index
> Fetch the complete documentation index at: https://wiki.latch.bio/llms.txt
> Use this file to discover all available pages before exploring further.

# Mounting S3 Buckets

> Latch allows you to mount your own AWS S3 Buckets and use them the same as you would any data on Latch. All you need is to connect your AWS account with Latch to mount buckets from that account.

## Prerequisites

Before you start, ensure you have an IAM role in your AWS that permits you to [create CloudFormation Templates](https://aws.amazon.com/cloudformation/resources/templates/).

Latch utilizes CloudFormation Templates to establish an IAM role that enables the configuration and discovery of your S3 buckets.

## Instructions

**Important:** Latch only supports mounting *versioned* buckets. To check if your bucket is versioned, open the bucket in S3, go to the **Properties** tab, and check **Bucket Versioning**.

### Connecting an AWS Account

<Steps>
  <Step title="Go to the 'Data Tab' and click the 'Mount S3 Bucket' button.">
    <img src="https://mintcdn.com/latchbio/rBOhi8AJn1gA0vrv/images/data/aws.png?fit=max&auto=format&n=rBOhi8AJn1gA0vrv&q=85&s=61ec2415a77e72fc99e9ba21590aa9b8" className="h-56 border-slate-100 border rounded-md" width="1728" height="1080" data-path="images/data/aws.png" />
  </Step>

  <Step title="If you have not connected Latch with your AWS account yet, click the 'Connect AWS Account →' button.">
    <img src="https://mintcdn.com/latchbio/rBOhi8AJn1gA0vrv/images/data/aws2a.png?fit=max&auto=format&n=rBOhi8AJn1gA0vrv&q=85&s=e701ddf5eb2d16b621e14600e5e69066" className="h-56 border-slate-100 border rounded-md" width="1728" height="1080" data-path="images/data/aws2a.png" />
  </Step>

  <Step title="Log into the AWS account which contains your buckets." />

  <Step title="You will be directed to an AWS CloudFormation 'Quick create stack' template.">
    This template creates an IAM role with:

    * Permission to list all of your buckets,
    * Permission to view or update CORS, versioning, policy, and notification settings only on select buckets you specify,
    * Permission to create, tag, delete, and permission a `latch-mount-fw-*` Lambda in your account (this Lambda is limited to writing its own CloudWatch logs and forwarding incoming S3 events to SNS, SQS, or Lambda targets), and
    * Permission to execute lambdas and to publish events to LatchBio's SQS queue (for configuration and bucket notifications, respectively).

    The stack also creates a separate "roleReporter" Lambda with no permissions in your account that posts the new role's ARN back to LatchBio. No permission in the template allows LatchBio to read or configure your account outside of the permitted buckets.

    When you open the CloudFormation template, you'll see an acknowledgment stating "The following resource(s) require capabilities: \[AWS::IAM::Role]. I acknowledge that AWS CloudFormation might create IAM resources with custom names." This pertains to you as the customer executing the CloudFormation stack. The role created by the stack has no IAM permissions, but since it needs to be created and it is an IAM role, AWS ensures that you are aware of this action. However, the role itself in the template has the permissions discussed above and no more, which can be verified by inspecting the template in the AWS UI.
  </Step>

  <Step title="Specify which buckets you want to give LatchBio access to by entering them as a comma (,) delimited list in the field called 'buckets'.">
    <Tip>You can also use wildcards (\*) to specify multiple buckets.</Tip>

    <img src="https://mintcdn.com/latchbio/7Tk1iu3HAtubgwuJ/images/mount-s3-create-stack.png?fit=max&auto=format&n=7Tk1iu3HAtubgwuJ&q=85&s=729057515820adf0ccc9939b6615219e" className="w-full" width="1886" height="1612" data-path="images/mount-s3-create-stack.png" />
  </Step>

  <Step title="Click 'Create Stack' and wait for it to be created." />

  <Step title="Return to Latch Console.">
    The 'Mount S3 Bucket' modal should show your AWS account and all of the buckets you gave LatchBio access to. You might have to click the refresh button on the modal a few times before your buckets show up.
  </Step>

  <Step title="Click the 'Mount/Add Link' button for the bucket you want to mount.">
    The modal will close and the bucket you added will appear in the data list.

    <img src="https://mintcdn.com/latchbio/rSliEwubl8sq_Ts8/images/data/mount-aws.png?fit=max&auto=format&n=rSliEwubl8sq_Ts8&q=85&s=9b470b3dc1cdae607a74273c2ed9370e" className="h-56" width="1728" height="1080" data-path="images/data/mount-aws.png" />

    You can add more buckets by clicking the Add Buckets button - this will allow you to update the Cloudformation stack and give LatchBio access to other buckets in your account.
  </Step>
</Steps>

### Removing a Bucket

Removing a bucket requires edits both on the LatchBio side and in your AWS account.

<Steps>
  <Step title="If you have mounted the bucket, hover over the bucket link in the LData homepage, click the ellipsis (…) and select Delete to remove the link.">
    <img src="https://mintcdn.com/latchbio/rBOhi8AJn1gA0vrv/images/data/delete-mounted-bucket.png?fit=max&auto=format&n=rBOhi8AJn1gA0vrv&q=85&s=8380c5aa83afbabfb00e59929f098f33" className="h-56" width="1728" height="1080" data-path="images/data/delete-mounted-bucket.png" />
  </Step>

  <Step title="Open the S3 Mount Modal and click 'Add Buckets'.">
    Remove the bucket from the `buckets` list and update the Cloudformation
    stack.

    <img src="https://mintcdn.com/latchbio/MyGUG0Q2iaPqX-v6/images/s3-mount/highlight-bucket-in-update-stack.png?fit=max&auto=format&n=MyGUG0Q2iaPqX-v6&q=85&s=ee1078fff7bd33f4b97e607fa3455f8d" className="h-56" border-slate-100 class="rounded-md" width="2768" height="1024" data-path="images/s3-mount/highlight-bucket-in-update-stack.png" />

    <img src="https://mintcdn.com/latchbio/MyGUG0Q2iaPqX-v6/images/s3-mount/delete-bucket-in-update-stack.png?fit=max&auto=format&n=MyGUG0Q2iaPqX-v6&q=85&s=1370709648f51bf8d6221a421740533f" className="h-56" border-slate-100 class="rounded-md" width="2790" height="1042" data-path="images/s3-mount/delete-bucket-in-update-stack.png" />
  </Step>

  <Step title="In the S3 Console, navigate to the bucket you want to remove > Permissions > scroll to Bucket Policy and remove the entry in 'Statements' called 'latch-data-mount'.">
    <Note>
      If this is the only entry in the `Statements` array, you can just delete
      the bucket policy outright.
    </Note>

    <img src="https://mintcdn.com/latchbio/MyGUG0Q2iaPqX-v6/images/s3-mount/delete-bucket-policy.png?fit=max&auto=format&n=MyGUG0Q2iaPqX-v6&q=85&s=8544f26f291719c9872fbad7bd3f4d2d" className="h-56" border-slate-100 class="rounded-md" width="2752" height="1710" data-path="images/s3-mount/delete-bucket-policy.png" />
  </Step>

  <Step title="Still in the bucket homepage, navigate to Properties and scroll to 'Event Notifications' - from here, delete the notification called 'latch-s3-mount'.">
    If you previously had an event notification for this bucket set up, you'll
    have to: 1. Restore that notification, and 2. Go to the Lambda homepage and
    delete the Lambda called `latch-mount-fw-[BUCKET_NAME]`.

    <img src="https://mintcdn.com/latchbio/MyGUG0Q2iaPqX-v6/images/s3-mount/delete-bucket-notification.png?fit=max&auto=format&n=MyGUG0Q2iaPqX-v6&q=85&s=9c47dffc88370f8663fd10d0817e21af" className="h-56" border-slate-100 class="rounded-md" width="2836" height="728" data-path="images/s3-mount/delete-bucket-notification.png" />

    Your bucket has now been removed.
  </Step>
</Steps>

## Troubleshooting

### My bucket isn't showing up in the list in the Mount S3 Bucket modal.

This might be because your bucket isn't versioned. Latch only supports versioned buckets for mounting. To check if your bucket is versioned, open the bucket in S3, go to the **Properties** tab, and check **Bucket Versioning**. If your bucket is versioned and is still not showing up, please reach out to [support@latch.bio](mailto:support@latch.bio) for assistance.

<img src="https://mintcdn.com/latchbio/7Tk1iu3HAtubgwuJ/images/mount-s3-versioning.png?fit=max&auto=format&n=7Tk1iu3HAtubgwuJ&q=85&s=7ca81f7f357b5720dba6a1bd6f551344" className="w-full" width="1640" height="1098" data-path="images/mount-s3-versioning.png" />