> ## Documentation Index
> Fetch the complete documentation index at: https://intunedhq.com/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# S3 standalone Run sink

## Overview

By the end of this guide, you'll have an Intuned project that triggers an RPA automation (via standalone Runs) and sinks its results to S3. You'll:

1. Create an S3 bucket and configure AWS credentials for Intuned.
2. Trigger a Standalone Run with an S3 sink.

## Prerequisites

You'll need:

* An AWS account with S3 access.
* An Intuned account.

<Note>This guide assumes familiarity with Intuned Projects and standalone Runs. If you're new to Intuned, start with the [getting started guide](/main/00-getting-started/introduction).</Note>

## When to use S3 integration with Standalone Runs

Standalone Runs expose a start and result API for executing single API calls on demand. To receive results or check on the Run status, you poll the result endpoint.

S3 integration automatically delivers the results to your S3 bucket as a JSON file. From there, you can process results using AWS tools like Lambda—or connect to other services.

## Guide

### 1. Create an S3 bucket and access credentials

Create an S3 bucket and IAM credentials that Intuned can use to write data:

<Steps>
  <Step title="Create an S3 bucket" icon="bucket">
    1. Log in to the [AWS Management Console](https://console.aws.amazon.com/)
    2. Navigate to the S3 service
    3. Select **Create bucket**
    4. Enter a unique bucket name (e.g., `my-intuned-data`)

    <Tip>
      Choose a descriptive bucket name that makes it easy to identify its purpose (e.g., `company-intuned-production`).
    </Tip>
  </Step>

  <Step title="Configure bucket settings" icon="gear">
    When creating your bucket:

    1. **Object Ownership**: Set to "Access Control Lists (ACLs) disabled"
    2. **Block Public Access**: Keep all public access blocked (recommended for security)
    3. **Bucket Versioning**: Optional - enable if you want to keep historical versions of files
    4. **Encryption**: Optional - enable default encryption for data at rest
    5. Select **Create bucket** to finish

    <Info>
      Intuned only needs write access to your bucket, so keeping public access blocked is safe and recommended.
    </Info>
  </Step>

  <Step title="Create an IAM user for Intuned" icon="user">
    Create a dedicated IAM user with limited permissions for Intuned:

    1. Navigate to **IAM** in the AWS Console
    2. Select **Users** in the left sidebar, then **Create user**
    3. Enter a username (e.g., `intuned-s3-writer`)
    4. Select **Next**, which takes you to the permissions page

    On the permissions page:

    1. Select **Attach existing policies directly**
    2. Select **Create policy** (opens in new tab)
    3. Select the **JSON** tab and paste this policy:

    ```json theme={null}
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": [
            "s3:PutObject"
          ],
          "Resource": "arn:aws:s3:::YOUR-BUCKET-NAME/*"
        }
      ]
    }
    ```

    4. Replace `YOUR-BUCKET-NAME` with your actual bucket name
    5. Select **Next**, which takes you to the Review page
    6. Name the policy `IntunedS3WritePolicy`
    7. Select **Create policy**

    <Warning>
      Replace `YOUR-BUCKET-NAME` in the policy with your actual bucket name. Don't use root account credentials - always create a dedicated IAM user.
    </Warning>
  </Step>

  <Step title="Attach policy and generate access keys" icon="key">
    Back in the user creation flow:

    1. Refresh the policies list
    2. Search for `IntunedS3WritePolicy`
    3. Select the checkbox next to the policy
    4. Select **Next** to go to the Review page
    5. Select **Create user**

    Then open the newly created user page:

    1. Go to the **Security credentials** tab
    2. Select **Create access key**
    3. Choose **Application running outside AWS** and select **Next**
    4. Select **Create access key**
    5. **Copy the Access key ID** - you'll need this for Intuned
    6. **Copy the Secret access key** - you'll need this for Intuned (only shown once)
    7. Download the CSV or save these credentials securely

    <Warning>
      Store your credentials securely. The secret access key is only shown once and cannot be retrieved later. Never commit credentials to version control.
    </Warning>
  </Step>

  <Step title="Note your configuration details" icon="clipboard">
    You now have everything needed to configure S3 in Intuned. Save these details:

    * **Bucket name**: Your S3 bucket name
    * **Region**: Your AWS region (e.g., `us-west-2`)
    * **Access key ID**: From the IAM user
    * **Secret access key**: From the IAM user
  </Step>
</Steps>

You'll use these in the next section to trigger your Run.

### 2. Trigger a Run with an S3 sink

Now that your S3 bucket is ready, add an S3 sink to a Run so results are delivered to your bucket.

#### Prepare a Project

You can use an existing Project or create a new one.

For this example, we'll use the `book-consultations-quickstart` project that you can deploy using the [Deploy your first RPA](/main/00-getting-started/quickstarts/rpa) quickstart tutorial.

#### Trigger a Run with S3 sink

<Tabs>
  <Tab title="Dashboard">
    1. Go to [app.intuned.io](https://app.intuned.io)
    2. Open your `book-consultations-quickstart` project
    3. Select the **Runs** tab
    4. Select **Start Run**
    5. Fill in the Run details:
       * **API**: `book-consultations`
       * **Parameters**:

    ```json theme={null}
    {
      "name": "Jane Smith",
      "email": "jane.smith@example.com",
      "phone": "+1(555)123-4567",
      "date": "2025-12-10",
      "time": "14:30",
      "topic": "web-scraping"
    }
    ```

    6. Enable sink configuration and add your S3 details:
       * **Type**: `s3`
       * **Bucket**: Your S3 bucket name (e.g., `my-intuned-data`)
       * **Region**: Your AWS region (e.g., `us-west-2`)
       * **Access Key ID**: Your IAM user access key
       * **Secret Access Key**: Your IAM user secret key
       * **Prefix** (optional): A path prefix to organize files (e.g., `book-consultations-data/`)
       * **Skip On Fail** (optional): Check to skip writing if the Run fails.

    <Frame>
      <img src="https://mintcdn.com/intuned-dev/bhb38akfgMoZ2D8J/assets/integrations/trigger-run-s3.png?fit=max&auto=format&n=bhb38akfgMoZ2D8J&q=85&s=cd4aa5ef1c9b0223dc59cd745e8149bb" alt="Standalone Run sink configuration" width="2880" height="2048" data-path="assets/integrations/trigger-run-s3.png" />
    </Frame>

    7. Select **Start Run**
  </Tab>

  <Tab title="API">
    <CodeGroup>
      ```typescript TypeScript theme={null}
      await intuned.projects.runs.start("book-consultations-quickstart", {
        api: "book-consultations",
        parameters: {
          name: "Jane Smith",
          email: "jane.smith@example.com",
          phone: "+1(555)123-4567",
          date: "2025-12-10",
          time: "14:30",
          topic: "web-scraping"
        },
        sink: {
          type: "s3",
          region: "us-west-2",
          bucket: "my-intuned-data",
          accessKeyId: "<ACCESS-KEY-ID>",
          secretAccessKey: "<SECRET-ACCESS-KEY>"
        }
      });
      ```

      ```python Python theme={null}
      from intuned_client import models

      result = intuned.projects.runs.start(
          project_name="book-consultations-quickstart",
          body=models.RunStartRequestBody(
            api="book-consultations",
            parameters={
              "name": "Jane Smith",
              "email": "jane.smith@example.com",
              "phone": "+1(555)123-4567",
              "date": "2025-12-10",
              "time": "14:30",
              "topic": "web-scraping"
            },
            sink={
              "type": "s3",
              "region": "us-west-2",
              "bucket": "my-intuned-data",
              "accessKeyId": "<ACCESS-KEY-ID>",
              "secretAccessKey": "<SECRET-ACCESS-KEY>"
            }
          )
      )
      ```
    </CodeGroup>
  </Tab>
</Tabs>

#### Inspect data in S3

After the Run completes, view your data in S3:

1. Navigate to the [S3 Console](https://console.aws.amazon.com/s3)
2. Open your bucket (e.g., `my-intuned-data`)
3. Navigate to `{prefix}/runs/{runId}.json` and examine the file.

```json theme={null}
{
  "workspaceId": "<workspace-id>",
  "apiInfo": {
    "name": "book-consultations",
    "runId": "<run-id>",
    "parameters": {
      "name": "Jane Smith",
      "email": "jane.smith@example.com",
      "phone": "+1(555)123-4567",
      "date": "2025-12-10",
      "time": "14:30",
      "topic": "web-scraping"
    },
    "result": { 
      "status": "completed",
      "result": {
        "success": true,
        "date": "2025-12-10",
        "message": "Consultation successfully booked for 2025-12-10 at 14:30"
      },
      "statusCode": 200 
    }
  },
  "project": {
    "id": "<project-id>",
    "name": "book-consultations-quickstart"
  }
}

```

### Configuration options

For full details on S3 sink configuration and available options, see the [S3 Sink API Reference](/client-apis/api-reference/sinks/s3).

Key configuration fields:

| Field             | Required | Description                                     |
| ----------------- | -------- | ----------------------------------------------- |
| `bucket`          | Yes      | S3 bucket name                                  |
| `region`          | Yes      | AWS region (e.g., `us-west-2`)                  |
| `accessKeyId`     | Yes      | AWS access key ID                               |
| `secretAccessKey` | Yes      | AWS secret access key                           |
| `prefix`          | No       | Path prefix for organizing files                |
| `skipOnFail`      | No       | Skip writing failed Runs to S3 (default: false) |
| `endpoint`        | No       | Custom endpoint for S3-compatible services      |
| `forcePathStyle`  | No       | Use path-style URLs for S3-compatible services  |

## Processing data from S3

Once data lands in S3, you can process it in various ways depending on your needs.

A common pattern is using an AWS Lambda function that triggers automatically when a new file arrives. Typical processing tasks include:

* Normalizing the data structure
* Removing empty fields
* Validating against a schema
* Triggering workflows such as sending emails, updating billing systems, or invoking other services

## Best practices

* **Use least privilege IAM policies**: Create a dedicated IAM user for Intuned with only `s3:PutObject` permission. Restrict access to specific bucket paths using resource ARNs. Never use root account credentials.
* **Organize data with prefixes**: Use meaningful prefix structures like `{environment}/{project-name}/{date}/` to make data easier to find, manage, and set lifecycle policies on.
* **Set up lifecycle policies**: Reduce storage costs by transitioning older data to S3 Glacier and deleting data you no longer need. This can reduce costs significantly for infrequently accessed data.
* **Monitor usage and costs**: Enable S3 Storage Lens for bucket-level insights, set up CloudWatch alarms for unexpected growth, and use Cost Explorer to track costs by bucket.

## Related resources

<CardGroup cols={2}>
  <Card title="S3 Sink API Reference" icon="code" href="/client-apis/api-reference/sinks/s3">
    Complete API documentation for S3 sink configuration and options
  </Card>

  <Card title="Runs (Single API executions)" icon="rocket" href="/main/02-features/runs-single-executions">
    Learn more about running single APIs
  </Card>

  <Card title="Jobs" icon="play" href="/main/02-features/jobs-batched-executions">
    Learn about running batched API executions with Jobs
  </Card>

  <Card title="Monitoring and traces" icon="eye" href="/main/02-features/observability-monitoring-logs">
    Debug and monitor your automation runs with traces and logs
  </Card>
</CardGroup>