Skip to content

Introducing Storage Connections

Storage Connections bridges the gap between your existing data infrastructure and AI applications. Instead of uploading files one-by-one into chat interfaces or building custom integrations, simply connect your Amazon S3 buckets to Vendia and give AI agents secure access to the files they need — whether it’s product catalogs, reference documentation, images, or analytics data.

With Storage Connections, you unlock powerful AI workflows while maintaining complete control:

  • Leverage Existing Infrastructure: AI agents work directly with files in your S3 buckets — no data migration required
  • Maintain Control: Two-layer security (IAM + Access Policies) ensures AI agents only access what they need
  • Enable Rich Workflows: AI can read context, generate reports, process images, and create new content — all within your secure infrastructure
  • Scale Effortlessly: From a few reference documents to enterprise-wide data access, Storage Connections scales with your needs

How It Works

Access is controlled through a powerful two-layer permission system:

  1. IAM Permissions: Define the outer boundary of what operations are possible at the AWS level
  2. Access Policies: Provide fine-grained control within those boundaries using glob patterns to specify exactly which files and folders AI agents can access and what operations they can perform

This architecture gives you defense-in-depth: even if an AI agent requests broad access, your IAM policies and access policies work together to enforce exactly what you intend to allow.

Getting Started

  1. Plan Your Access Strategy: Determine which files and folders AI agents need to access and what operations they should perform
  2. Configure IAM Permissions: Set up the appropriate IAM permissions in AWS
  3. Create Storage Connection: Configure the connection in your Vendia dashboard
  4. Configure Access Policies: Define fine-grained access control for AI agents using glob patterns
  5. Use with AI Applications: Access your S3 files through MCP-compatible AI applications

Access Control Overview

IAM Permissions (AWS Level)

IAM permissions define what’s technically possible and act as a security boundary:

  • Read Operations: Requires s3:GetObject and s3:ListBucket permissions
  • Write Operations: Requires s3:PutObject permission
  • Delete Operations: Requires s3:DeleteObject permission
  • Complete Access: Requires all permissions: s3:GetObject, s3:ListBucket, s3:PutObject, and s3:DeleteObject

Access Policies (Vendia Level)

Access policies provide fine-grained control within IAM boundaries using glob patterns to specify:

  • Actions: What AI agents can do (FILE_READ, FILE_WRITE, FILE_CREATE, FILE_DELETE, FILE_ALL)
  • Resources: Which files and folders these actions apply to (using glob patterns like docs/**, *.txt, reports/**/*.pdf)

See Access Policies for detailed configuration guidance.

Supported File Types

Storage Connections supports a wide range of file types, enabling diverse AI workflows:

File TypeExtensionsRead SupportWrite Support
Text Files.txt, .md, .json, .csv, .xml, .yaml, .yml
Image Files.jpg, .jpeg, .png, .gif, .bmp, .webp
PDF Files.pdf
Spreadsheets.xlsx, .xls
Documents.docx
Presentations.pptx

Whether you’re enabling AI to read product specifications, analyze spreadsheets, process images, or generate reports, Storage Connections provides the file access you need.

Prerequisites

Before creating your first Storage Connection, ensure you have:

  1. AWS IAM Role: A role with appropriate permissions for your S3 buckets
  2. S3 Bucket Access: Access to the S3 bucket(s) you want to connect
  3. Vendia Account Permissions: Permissions to configure Storage Connections

Need Help?

If you encounter issues during setup or have questions about using Storage Connections:

Free Tier Support

Enterprise Tier Support