Create Cloud Storage Connection File (Data Management Tools)

Summary

Creates a connection file for ArcGIS-supported cloud storage. This tool allows existing raster geoprocessing tools to write cloud raster format (CRF) datasets into the cloud storage bucket or read raster datasets (not limited to CRF) stored in the cloud storage as input. The tool also creates a cloud storage connection file that you can use to access Apache Parquet files for mapping.

Usage

You must provide the necessary information to make a cloud storage connection—such as access key ID, secret access key string, and bucket name—to run this tool. You can also use alternate authentication methods using the Provider options parameter.

Learn more about connecting to cloud stores
The tool outputs a binary cloud storage connection file (.acs) in ArcGIS Cloud Storage format.
When accessing a raster dataset or Parquet file stored in a cloud storage location, you can reference it through a file path such as c:/temp/amazons3.acs/someraster. If the dataset or file is stored in a folder in the bucket, the folder name must be included in the path, for example, c:/temp/amazons3.acs/foldername/someraster.
This tool supports connections to Amazon Simple Storage Service (S3) buckets, Microsoft Azure Blob Storage containers, Microsoft Azure Data Lake Storage Gen2, Alibaba Cloud Object Storage Service (OSS) buckets, Google Cloud Storage Service (GCS) buckets, WebHDFS, MinIO, and Ozone Object Storage Service buckets. Amazon S3, Azure Blob Storage containers, Microsoft Azure Data Lake Storage Gen2, and GCS buckets are supported when accessing a Parquet file.
The tool validates the credentials provided at run time. If the connection cannot be made, the tool returns a warning.
OAuth 2.0 authentication with Azure Active Directory is supported with user-interactive login for Azure and Azure Data Lake Storage Gen2. OAuth 2.0 authentication for Google Cloud Storage Service is also supported. See Connect to authentication providers from ArcGIS Pro for configuration. Once configured and the user is signed in, the authentication parameter becomes active for Google, Azure, and Azure Data Lake Storage Gen2. Region and Endpoint will be retrieved from the configuration.
Support for user-assigned managed identities using Entra ID on an Azure virtual machine is available for Azure and Azure Data Lake Storage Gen2.
Role-based access control (RBAC) is available for Amazon, Azure, and Google cloud providers. Keeping all authentication parameters empty while using an Amazon Elastic Compute Cloud (EC2), Azure virtual machine, or Google Compute Engine will enable ArcGIS Pro to access Blob storage using IAM roles or Azure RBAC. For Amazon, IMDSv1 and IMDSv2 are supported.
Microsoft Azure Data Lake Storage Gen2 follows the same options as Azure but provides true directory support and atomic operations using a DFS endpoint. Some network errors during cloud operations are retried following exponential backoff.
Support for AWS IAM Identity Center (AWS SSO) is available for Amazon. To use AWS SSO, install AWS CLI, and configure and sign in to AWS SSO. Get the SSO start URL and SSO region for AWS SSO configuration from your administrator. The session token management will be handled by ACS automatically until the AWS SSO login expires. If the login expires, sign in again to keep the ACS valid.

To work with AWS SSO, the Region (Environment) and Service End Point parameter values and the Provider Options parameter's AWS_PROFILE option are required and must be accurate.
Support for an Amazon S3 Express One Zone directory bucket is available for Amazon. Your administrator needs to provide S3 access control list (ACL) permission to access the directory bucket for your account. All the authentication methods available for regular buckets are supported for directory buckets as well. If you have a temporary session token to access directory buckets, use the Access Key ID and Secret Access Key parameters and the Provider Options parameter's AWS_S3SESSION_TOKEN option.
For performance considerations and additional information, see the GDAL virtual file systems documentation.

Caution:

Esri does not test, certify, or guarantee that S3-compatible storage providers will be compatible with ArcGIS, and Esri Technical Support is not available to troubleshoot compatibility issues.

Label	Explanation	Data type
Connection File Location	The folder path where the connection file (`.acs`) will be created.	Folder
Connection File Name	The name of the cloud storage connection file.	String
Service Provider	Specifies the cloud storage service provider that will be used. Azure—The service provider will be Microsoft Azure, and accessing a Parquet file is supported. Amazon—The service provider will be Amazon S3, and accessing a Parquet file is supported. Google—The service provider will be Google Cloud Storage, and accessing a Parquet file is supported. Alibaba—The service provider will be Alibaba Cloud Storage. WebHDFS—The service provider will be WebHDFS. MinIO—The service provider will be MinIO. Azure Data Lake—The service provider will be Microsoft Azure Data Lake Storage, and accessing a Parquet file is supported. Ozone—The service provider will be Ozone. Web—The service provider that will be used to access generic HTTP URLs.	String
Bucket (Container) Name	The name of the cloud storage container where the raster dataset or Parquet file is stored. If you're using this location for raster geoprocessing tool output, this is the container where the output raster dataset will be stored. Many cloud providers also call this container a bucket.	String
Access Key ID (Account Name) (Optional)	The access key ID string for the specific cloud storage type. It can also be the account name, as is the case with Azure.	String
Secret Access Key (Account Key) (Optional)	The secret access key string that will be used to authenticate the connection to cloud storage.	Encrypted String
Region (Environment) (Optional)	The region string for the cloud storage. If provided, the value must use the format defined by the cloud storage choice. The default is the selected cloud provider's default account.	String
Service End Point (Optional)	The service endpoint (URI) of the cloud storage, such as `oss-us-west-1.aliyuncs.com`. If no value is provided, the default endpoint for the selected cloud storage type will be used. The CNAME redirected endpoint can also be used if needed.	String
Provider Options (Optional)	The configuration options pertaining to the specific type of cloud service. Some services offer options, some do not. You only need to set this parameter if you want to turn on the options. Only a subset of options are supported when creating a cloud storage connection file to access a Parquet file, as noted in the following descriptions. Azure and Microsoft Azure Data Lake Storage `AZURE_STORAGE_SAS_TOKEN`—Specify a shared access signature. Ensure that its value is URL encoded and does not contain leading '?' or '&' characters. When using this option, the Secret Access Key (Account Key) parameter must be empty. This option is supported for accessing a Parquet file. `AZURE_NO_SIGN_REQUEST`—Anonymously connect to buckets (containers) that don't require authenticated access. When using this option, the Secret Access Key (Account Key) parameter must be empty. The default value is `False`. This option is supported for accessing a Parquet file. `AZURE_STORAGE_CONNECTION_STRING`—Specify an Azure Storage connection string. This string embeds the account name, key, and endpoint. When using this option, the Access Key ID (Account Name) and Secret Access Key (Account Key) parameters must be empty. This option is supported for accessing a Parquet file. `CPL_AZURE_USE_HTTPS`—Set to `False` to use HTTP requests. Some servers may be configured to only support HTTPS requests. The default value is `True`. `AZURE_IMDS_OBJECT_ID`—Specify the Object ID of the managed identity authenticated using Azure Instance Metadata Service (IMDS) if your Azure VM has multiple user-assigned managed identities set. `AZURE_IMDS_CLIENT_ID`—Specify the Client ID of the managed identity authenticated using Azure IMDS if your Azure VM has multiple user-assigned managed identities set. `AZURE_IMDS_MSI_RES_ID`—Specify the Resource ID of the managed identity authenticated using Azure IMDS if your Azure VM has multiple user-assigned managed identities set. Amazon and MinIO `AWS_NO_SIGN_REQUEST`—Anonymously connect to buckets (containers) that don't require authenticated access. The default value is `False`. This option is supported for accessing a Parquet file. `AWS_SESSION_TOKEN`—Specify temporary credentials. This option is supported for accessing a Parquet file. `AWS_S3SESSION_TOKEN`—Specify temporary credentials to access a directory bucket. `AWS_PROFILE`—AWS credential profiles are automatically used when the access key or ID is missing. This option can be used to specify the profile to use. This option is supported for accessing a Parquet file. `AWS_REQUEST_PAYER`—Requester Pays buckets can be accessed by setting this option to requester. `AWS_Virtual_Hosting`—If you use Amazon S3 or S3-compatible cloud providers that support only path-style requests, set this option to `True`. It is recommended that you use virtual hosting if it's supported. The default value is `True`. `CPL_VSIS3_USE_BASE_RMDIR_RECURSIVE`—Some older S3-compatible implementations do not support the Bulk Delete operation. Set this option to `False` for these providers. The default value is `True`. `AWS_HTTPS`—Set to `False` to use HTTP requests. Some servers may be configured to only support HTTPS requests. The default value is `True`. Google `GS_NO_SIGN_REQUEST`—Anonymously connect to buckets (containers) that do not require authenticated access. The default value is `True`. This option is supported for accessing a Parquet file. `GS_USER_PROJECT`—Requester Pays buckets can be accessed by setting OAuth2 keys and a project for billing. Set the project using this option and set OAuth2 keys using other options and not HMAC keys as a secret access key or ID. `GS_OAUTH2_REFRESH_TOKEN`—Specify OAuth2 Refresh Access Token. Set OAuth2 client credentials using `GS_OAUTH2_CLIENT_ID` and `GS_OAUTH2_CLIENT_SECRET`. `GOOGLE_APPLICATION_CREDENTIALS`—Specify Service Account OAuth2 credentials using a `.json` file containing a private key and client email address. This option is supported for accessing a Parquet file. `GS_OAUTH2_PRIVATE_KEY`—Specify Service Account OAuth2 credentials using a private key string. `GS_AUTH2_CLIENT_EMAIL` must be set. `GS_OAUTH2_PRIVATE_KEY_FILE`—Specify Service Account OAuth2 credentials using a private key from a file. `GS_AUTH2_CLIENT_EMAIL` must be set. `GS_AUTH2_CLIENT_EMAIL`—Specify Service Account OAuth2 credentials using a client email address. `GS_AUTH2_SCOPE`—Specify Service Account OAuth2 scope. Valid values are `https://www.googleapis.com/auth/devstorage.read_write` (the default) and `https://www.googleapis.com/auth/devstorage.read_only`. `GDAL_HTTP_HEADER_FILE`—Specify bearer authentication credentials stored in an external file. Alibaba `OSS_Virtual_Hosting`—If you use Alibaba or S3-compatible cloud providers that support only path-style requests, set this option to `True`. It is recommended that you use virtual hosting if it's supported. The default value is `True`. `OSS_HTTPS`—Set to `False` to use HTTP requests. Some servers may be configured to only support HTTPS requests. The default value is `True`. WebHDFS `WEBHDFS_REPLICATION` (integer)—The replication value is used when creating a file. `WEBHDFS_PERMISSION` (decimal)—A permission mask is used when creating a file. If multiple authentication parameters are provided, precedence is as follows: Azure—`AZURE_STORAGE_CONNECTION_STRING`, account name or key, `AZURE_STORAGE_SAS_TOKEN`, `AZURE_NO_SIGN_REQUEST`, or `RBAC`. Amazon—`AWS_NO_SIGN_REQUEST`, access ID or key or `AWS_SESSION_TOKEN`, `AWS Credential Profile`, or `IAM Role`. Google—`GS_NO_SIGN_REQUEST`, access ID or key, `GDAL_HTTP_HEADER_FILE`, `(GS_OAUTH2_REFRESH_TOKEN or GS_OAUTH2_CLIENT_ID and GS_OAUTH2_CLIENT_SECRET)`, `GOOGLE_APPLICATION_CREDENTIALS`, `(GS_OAUTH2_PRIVATE_KEY or GS_OAUTH2_CLIENT_EMAIL)`, `(GS_OAUTH2_PRIVATE_KEY_FILE or GS_OAUTH2_CLIENT_EMAIL)`, or `IAM Role`. Ozone `AWS_PROFILE`—AWS credential profiles are automatically used when the access key or ID is missing. This option can be used to specify the profile to use. `AWS_Virtual_Hosting`—If you use Amazon S3 or S3-compatible cloud providers that support only path-style requests, set this option to `True`. It is recommended that you use virtual hosting if it's supported. The default value is `True`. `AWS_HTTPS`—Set to `False` to use HTTP requests. Some servers may be configured to only support HTTPS requests. The default value is `True`. `CPL_VSIS3_USE_BASE_RMDIR_RECURSIVE`—Some older S3-compatible implementations do not support the Bulk Delete operation. Set this option to `False` for these providers. The default value is `True`. `x-amz-storage-class`—Specify `REDUCED_REDUNDANCY` for writing to a single container ozone, as it has a single data node. Web When using the Web option, an authenticated HTTP/HTTPS endpoint can be accessed using an ACS. Authentication parameters are passed as provider options and will be used to access the endpoint. `GDAL_HTTP_USERPWD`—The HTTP user and password to use for the connection. It must be in the form of `[user name]:[password]`. Use `GDAL_HTTP_AUTH` to determine the authentication method. `GDAL_HTTP_NETRC_FILE`—Set the location of a `.netrc` file. `GDAL_HTTP_HEADERS`—Specify headers as a comma-separated list of `key:value pairs`. `GDAL_HTTP_BEARER`—Set HTTP OAuth 2.0 Bearer Access Token to use for the connection. This must be used with `GDAL_HTTP_AUTH=BEARER`. `GDAL_HTTP_AUTH`—Select the type of authentication method to use: `[BASIC/NTLM/NEGOTIATE/ANY/ANYSAFE/BEARER]`. `GDAL_HTTP_SSLCERT`—The file name of the SSL client certificate for PKI authentication. `GDAL_HTTP_SSLKEY`—The private key file path for the TLS and SSL client certificate for PKI authentication. `GDAL_HTTP_KEYPASSWD`—The pass phrase to the private key of `GDAL_HTTP_SSLKEY`. In addition to the provider options listed above, the `ARC_DEEP_CRAWL` option can be used with all of the service providers. If set to `True`, it is used to identify CRFs with no extension and cloud-enabled raster products in the cloud. This is operation intensive and it is recommended that you set this option to `False` for faster catalog browsing and crawling. The default value is `False`. Custom token vending services—such as Planetary Computer's data collection, for example—can be authenticated using the `ARC_TOKEN_SERVICE_API` (the URL of the token vendor) and `ARC_TOKEN_OPTION_NAME` (the type of token from the service provider) provider options. Note: The `GDAL_DISABLE_READDIR_ON_OPEN` option is available with all the service providers. To improve the performance of loading cloud-based rasters, this option is set to `NO` by default. If the raster resides in a folder that contains more than 30,000 items, set this option to `YES`. Value table columns: Name—The name of the provider configuration. Value—The value of the provider configuration.	Value Table
Folder (Optional)	The folder in the Bucket (Container) Name parameter value where the raster dataset or Parquet file is stored. If using this location for output for raster geoprocessing tools, this is the folder where the output raster dataset will be stored.	String
Authentication (Optional)	The connection name of OAuth 2.0 authentication. A valid connection must be configured on the Options dialog box on the Authentication tab.	String

Derived output

Label	Explanation	Data type
Output Connection File	The output cloud storage connection file path.	File

arcpy.management.CreateCloudStorageConnectionFile(out_folder_path, out_name, service_provider, bucket_name, {access_key_id}, {secret_access_key}, {region}, {end_point}, {config_options}, {folder}, {authentication})

Name	Explanation	Data type
out_folder_path	The folder path where the connection file (`.acs`) will be created.	Folder
out_name	The name of the cloud storage connection file.	String
service_provider	Specifies the cloud storage service provider that will be used. `AZURE`—The service provider will be Microsoft Azure, and accessing a Parquet file is supported. `AMAZON`—The service provider will be Amazon S3, and accessing a Parquet file is supported. `GOOGLE`—The service provider will be Google Cloud Storage, and accessing a Parquet file is supported. `ALIBABA`—The service provider will be Alibaba Cloud Storage. `WEBHDFS`—The service provider will be WebHDFS. `MINIO`—The service provider will be MinIO. `AZUREDATALAKE`—The service provider will be Microsoft Azure Data Lake Storage, and accessing a Parquet file is supported. `OZONE`—The service provider will be Ozone. `WEB`—The service provider that will be used to access generic HTTP URLs.	String
bucket_name	The name of the cloud storage container where the raster dataset or Parquet file is stored. If you're using this location for raster geoprocessing tool output, this is the container where the output raster dataset will be stored. Many cloud providers also call this container a bucket.	String
access_key_id (Optional)	The access key ID string for the specific cloud storage type. It can also be the account name, as is the case with Azure.	String
secret_access_key (Optional)	The secret access key string that will be used to authenticate the connection to cloud storage.	Encrypted String
region (Optional)	The region string for the cloud storage. If provided, the value must use the format defined by the cloud storage choice. The default is the selected cloud provider's default account.	String
end_point (Optional)	The service endpoint (URI) of the cloud storage, such as `oss-us-west-1.aliyuncs.com`. If no value is provided, the default endpoint for the selected cloud storage type will be used. The CNAME redirected endpoint can also be used if needed.	String
config_options [config_options,...] (Optional)	The configuration options pertaining to the specific type of cloud service. Some services offer options, some do not. You only need to set this parameter if you want to turn on the options. Only a subset of options are supported when creating a cloud storage connection file to access a Parquet file, as noted in the following descriptions. Azure and Microsoft Azure Data Lake Storage `AZURE_STORAGE_SAS_TOKEN`—Specify a shared access signature. Ensure that its value is URL encoded and does not contain leading '?' or '&' characters. When using this option, the Secret Access Key (Account Key) parameter must be empty. This option is supported for accessing a Parquet file. `AZURE_NO_SIGN_REQUEST`—Anonymously connect to buckets (containers) that don't require authenticated access. When using this option, the Secret Access Key (Account Key) parameter must be empty. The default value is `False`. This option is supported for accessing a Parquet file. `AZURE_STORAGE_CONNECTION_STRING`—Specify an Azure Storage connection string. This string embeds the account name, key, and endpoint. When using this option, the Access Key ID (Account Name) and Secret Access Key (Account Key) parameters must be empty. This option is supported for accessing a Parquet file. `CPL_AZURE_USE_HTTPS`—Set to `False` to use HTTP requests. Some servers may be configured to only support HTTPS requests. The default value is `True`. `AZURE_IMDS_OBJECT_ID`—Specify the Object ID of the managed identity authenticated using Azure Instance Metadata Service (IMDS) if your Azure VM has multiple user-assigned managed identities set. `AZURE_IMDS_CLIENT_ID`—Specify the Client ID of the managed identity authenticated using Azure IMDS if your Azure VM has multiple user-assigned managed identities set. `AZURE_IMDS_MSI_RES_ID`—Specify the Resource ID of the managed identity authenticated using Azure IMDS if your Azure VM has multiple user-assigned managed identities set. Amazon and MinIO `AWS_NO_SIGN_REQUEST`—Anonymously connect to buckets (containers) that don't require authenticated access. The default value is `False`. This option is supported for accessing a Parquet file. `AWS_SESSION_TOKEN`—Specify temporary credentials. This option is supported for accessing a Parquet file. `AWS_S3SESSION_TOKEN`—Specify temporary credentials to access a directory bucket. `AWS_PROFILE`—AWS credential profiles are automatically used when the access key or ID is missing. This option can be used to specify the profile to use. This option is supported for accessing a Parquet file. `AWS_REQUEST_PAYER`—Requester Pays buckets can be accessed by setting this option to requester. `AWS_Virtual_Hosting`—If you use Amazon S3 or S3-compatible cloud providers that support only path-style requests, set this option to `True`. It is recommended that you use virtual hosting if it's supported. The default value is `True`. `CPL_VSIS3_USE_BASE_RMDIR_RECURSIVE`—Some older S3-compatible implementations do not support the Bulk Delete operation. Set this option to `False` for these providers. The default value is `True`. `AWS_HTTPS`—Set to `False` to use HTTP requests. Some servers may be configured to only support HTTPS requests. The default value is `True`. Google `GS_NO_SIGN_REQUEST`—Anonymously connect to buckets (containers) that do not require authenticated access. The default value is `True`. This option is supported for accessing a Parquet file. `GS_USER_PROJECT`—Requester Pays buckets can be accessed by setting OAuth2 keys and a project for billing. Set the project using this option and set OAuth2 keys using other options and not HMAC keys as a secret access key or ID. `GS_OAUTH2_REFRESH_TOKEN`—Specify OAuth2 Refresh Access Token. Set OAuth2 client credentials using `GS_OAUTH2_CLIENT_ID` and `GS_OAUTH2_CLIENT_SECRET`. `GOOGLE_APPLICATION_CREDENTIALS`—Specify Service Account OAuth2 credentials using a `.json` file containing a private key and client email address. This option is supported for accessing a Parquet file. `GS_OAUTH2_PRIVATE_KEY`—Specify Service Account OAuth2 credentials using a private key string. `GS_AUTH2_CLIENT_EMAIL` must be set. `GS_OAUTH2_PRIVATE_KEY_FILE`—Specify Service Account OAuth2 credentials using a private key from a file. `GS_AUTH2_CLIENT_EMAIL` must be set. `GS_AUTH2_CLIENT_EMAIL`—Specify Service Account OAuth2 credentials using a client email address. `GS_AUTH2_SCOPE`—Specify Service Account OAuth2 scope. Valid values are `https://www.googleapis.com/auth/devstorage.read_write` (the default) and `https://www.googleapis.com/auth/devstorage.read_only`. `GDAL_HTTP_HEADER_FILE`—Specify bearer authentication credentials stored in an external file. Alibaba `OSS_Virtual_Hosting`—If you use Alibaba or S3-compatible cloud providers that support only path-style requests, set this option to `True`. It is recommended that you use virtual hosting if it's supported. The default value is `True`. `OSS_HTTPS`—Set to `False` to use HTTP requests. Some servers may be configured to only support HTTPS requests. The default value is `True`. WebHDFS `WEBHDFS_REPLICATION` (integer)—The replication value is used when creating a file. `WEBHDFS_PERMISSION` (decimal)—A permission mask is used when creating a file. If multiple authentication parameters are provided, precedence is as follows: Azure—`AZURE_STORAGE_CONNECTION_STRING`, account name or key, `AZURE_STORAGE_SAS_TOKEN`, `AZURE_NO_SIGN_REQUEST`, or `RBAC`. Amazon—`AWS_NO_SIGN_REQUEST`, access ID or key or `AWS_SESSION_TOKEN`, `AWS Credential Profile`, or `IAM Role`. Google—`GS_NO_SIGN_REQUEST`, access ID or key, `GDAL_HTTP_HEADER_FILE`, `(GS_OAUTH2_REFRESH_TOKEN or GS_OAUTH2_CLIENT_ID and GS_OAUTH2_CLIENT_SECRET)`, `GOOGLE_APPLICATION_CREDENTIALS`, `(GS_OAUTH2_PRIVATE_KEY or GS_OAUTH2_CLIENT_EMAIL)`, `(GS_OAUTH2_PRIVATE_KEY_FILE or GS_OAUTH2_CLIENT_EMAIL)`, or `IAM Role`. Ozone `AWS_PROFILE`—AWS credential profiles are automatically used when the access key or ID is missing. This option can be used to specify the profile to use. `AWS_Virtual_Hosting`—If you use Amazon S3 or S3-compatible cloud providers that support only path-style requests, set this option to `True`. It is recommended that you use virtual hosting if it's supported. The default value is `True`. `AWS_HTTPS`—Set to `False` to use HTTP requests. Some servers may be configured to only support HTTPS requests. The default value is `True`. `CPL_VSIS3_USE_BASE_RMDIR_RECURSIVE`—Some older S3-compatible implementations do not support the Bulk Delete operation. Set this option to `False` for these providers. The default value is `True`. `x-amz-storage-class`—Specify `REDUCED_REDUNDANCY` for writing to a single container ozone, as it has a single data node. Web When using the Web option, an authenticated HTTP/HTTPS endpoint can be accessed using an ACS. Authentication parameters are passed as provider options and will be used to access the endpoint. `GDAL_HTTP_USERPWD`—The HTTP user and password to use for the connection. It must be in the form of `[user name]:[password]`. Use `GDAL_HTTP_AUTH` to determine the authentication method. `GDAL_HTTP_NETRC_FILE`—Set the location of a `.netrc` file. `GDAL_HTTP_HEADERS`—Specify headers as a comma-separated list of `key:value pairs`. `GDAL_HTTP_BEARER`—Set HTTP OAuth 2.0 Bearer Access Token to use for the connection. This must be used with `GDAL_HTTP_AUTH=BEARER`. `GDAL_HTTP_AUTH`—Select the type of authentication method to use: `[BASIC/NTLM/NEGOTIATE/ANY/ANYSAFE/BEARER]`. `GDAL_HTTP_SSLCERT`—The file name of the SSL client certificate for PKI authentication. `GDAL_HTTP_SSLKEY`—The private key file path for the TLS and SSL client certificate for PKI authentication. `GDAL_HTTP_KEYPASSWD`—The pass phrase to the private key of `GDAL_HTTP_SSLKEY`. In addition to the provider options listed above, the `ARC_DEEP_CRAWL` option can be used with all of the service providers. If set to `True`, it is used to identify CRFs with no extension and cloud-enabled raster products in the cloud. This is operation intensive and it is recommended that you set this option to `False` for faster catalog browsing and crawling. The default value is `False`. Custom token vending services—such as Planetary Computer's data collection, for example—can be authenticated using the `ARC_TOKEN_SERVICE_API` (the URL of the token vendor) and `ARC_TOKEN_OPTION_NAME` (the type of token from the service provider) provider options. Note: The `GDAL_DISABLE_READDIR_ON_OPEN` option is available with all the service providers. To improve the performance of loading cloud-based rasters, this option is set to `NO` by default. If the raster resides in a folder that contains more than 30,000 items, set this option to `YES`. Value table columns: `Name`—The name of the provider configuration. `Value`—The value of the provider configuration.	Value Table
folder (Optional)	The folder in the `bucket_name` parameter value where the raster dataset or Parquet file is stored. If using this location for output for raster geoprocessing tools, this is the folder where the output raster dataset will be stored.	String
authentication (Optional)	The connection name of OAuth 2.0 authentication.	String

Derived output

Name	Explanation	Data type
out_connection	The output cloud storage connection file path.	File

Code sample

CreateCloudStorageConnectionFile example 1 (Python window)

This is a Python sample for the CreateCloudStorageConnectionFile function.

#====================================
# CreateCloudStorageConnectionFile
# Usage:
# arcpy.management.CreateCloudStorageConnectionFile(
#     out_folder_path, out_name, AZURE | AMAZON | GOOGLE | ALIBABA, bucket_name,
#     {access_key_id}, {secret_access_key}, {region}, {end_point},
#     { {Name} {Value}; {Name} {Value}...})
# arcpy.management.CreateCloudStorageConnectionFile(
#     out_folder_path, out_name, AZURE | AMAZON | GOOGLE | ALIBABA, bucket_name,
#     {access_key_id}, {secret_access_key}, {region}, {end_point},
#     {config_options})

import arcpy

# Create connection to open public bucket with requester pay option
arcpy.management.CreateCloudStorageConnectionFile(
    "C:/Workspace/connections", "awss3storage.acs", "AMAZON", "publicrasterstore",
    config_options="AWS_REQUEST_PAYER requester")

# Create connection to secured Azure bucket
arcpy.management.CreateCloudStorageConnectionFile(
    "C:/Workspace/connections", "azurestorage.acs", "AZURE", "rasterstore", "imageaccount",
    "NOGEOU1238987OUOUNOQEWQWEIO")

# Create Alibaba connection with end points
arcpy.management.CreateCloudStorageConnectionFile(
    "C:/Workspace/connections", "aliyun.acs", "ALIBABA", "rasterstore", "AYOUER9273PJJNY",
"NOGEOU1238987OUOUNOQEWQWEIO", end_point="rasterstore.oss-us-west-1.aliyuncs.com")

CreateCloudStorageConnectionFile example 2 (stand-alone script)

This is a Python sample for the CreateCloudStorageConnectionFile function.

#====================================
# CreateCloudStorageConnectionFile
# Usage:
# arcpy.management.CreateCloudStorageConnectionFile(
#     out_folder_path, out_name, AZURE | AMAZON | GOOGLE | ALIBABA, bucket_name,
#     {access_key_id}, {secret_access_key}, {region}, {end_point},
#     { {Name} {Value}; {Name} {Value}...})
# arcpy.management.CreateCloudStorageConnectionFile(
#     out_folder_path, out_name, AZURE | AMAZON | GOOGLE | ALIBABA, bucket_name,
#     {access_key_id}, {secret_access_key}, {region}, {end_point},
#     {config_options})

import arcpy

outfolder = "C:/Workspace/connections"
connectname = "googlecloudos.acs"
provider = "GOOGLE"
accesskey = "AYOUER9273PJJNY"
secretkey = "NOGEOU1238987OUOUNOQEWQWEIO"
bucketname = "rasterstore"

# Create connection to Google cloud object storage
arcpy.management.CreateCloudStorageConnectionFile(
outfolder, connectname, provider, bucketname, accesskey, secretkey)

CreateCloudStorageConnectionFile example 3 (Python window)

This is a Python sample for the CreateCloudStorageConnectionFile function to connect with token vending services.

#====================================
# CreateCloudStorageConnectionFile

import arcpy

outfolder = "C:/Workspace/connections"
connectname = "planetary_landsat.acs"
provider = "Azure"
accesskey = "landsateuwest"
secretkey = ""
bucketname = "landsat-c2"
folder = ""
region = ""
endpoint = ""
config_options= "ARC_TOKEN_OPTION_NAME AZURE_STORAGE_SAS_TOKEN; ARC_TOKEN_SERVICE_API https://planetarycomputer.microsoft.com/api/sas/v1/token/landsateuwest/landsat-c2"

# Create connection to planetary computer landsat data collection

print(arcpy.management.CreateCloudStorageConnectionFile(outfolder, connectname, provider, bucketname, accesskey, secretkey, region, endpoint, config_options, folder))
print(arcpy.GetMessages())

Environments

This tool does not use any geoprocessing environments.

Licensing information

Basic: Yes
Standard: Yes
Advanced: Yes

Create Cloud Storage Connection File (Data Management Tools)

Summary

Usage

Caution:

Parameters

Note:

Derived output

Environments

Licensing information

Related topics