# Cloud File Transfer Leverage cloud file transfer to distribute audience data for buyers within MediaMath. The data can be made available globally, so every MediaMath customer can access it, or [permissioned](/apis/audience-taxonomies/section/audience-segments-and-taxonomies/taxonomies-(permissioned)) to a particular customer. The method for distributing the data to MediaMath is the same in both scenarios. Note: the [user sync process](/guides/syncing), [audience file format](/guides/server-to-server#audience-file), and [quotas](/guides/server-to-server#quota) are the same for data import via [server-to-server](/guides/server-to-server) and cloud file transfer. # Amazon S3 Amazon Simple Storage Service (Amazon S3) provides a method of file delivery to MediaMath, which follows: 1. Data provider requests temporary S3 credentials from MediaMath 2. Using the temporary credentials, data provider creates an S3 client 3. Using the S3 client, data provider delivers files # Temporary S3 Credentials Temporary S3 credentials can be obtained using your [MediaMath SFTP credentials](/guides/server-to-server#sftp). > To request an SFTP account, engage with [the partnerships team](https://www.mediamath.com/partners/) and also **share an IP address** we can grant permission to use the CFT service. To request temporary S3 credentials, submit a POST with your SFTP credentials in the body of the request. ``` curl -X POST --header 'Content-Type: application/json' --heade r 'Accept: application/json' -d '{ \ "username": "{your-username}", \ "password": "{your-password}" \ }' 'https://cft-default.prod.octane.mediamath.com/v1/s3' ``` On success, the response body will contain an `accessKeyID`, `secretAccessKey` & `sessionToken`. These credentials can be used with the AWS SDK or AWS CLI. Temporary security credentials are short-lived and expire after one hour, so you’ll need to update your temporary credentials periodically. # AWS SDK (Java) To create an S3 client using temporary credentials: ``` BasicSessionCredentials sessionCredentials = new BasicSessionC redentials( "{your_aws_access_key_id}", "{your_aws_secret_access_key}", "{your_aws_session_token}" ); AmazonS3 s3 = AmazonS3ClientBuilder.standard() .withCredentials(new AWSStaticCredentialsProvider(sessionCre dentials)) .build(); ``` # AWS CLI To create an S3 client using temporary credentials, add a new profile to your ~/.aws/credentials file: ``` aws_access_key_id = {your_aws_access_key_id} aws_secret_access_key = {your_aws_secret_access_key} aws_session_token = {your_aws_session_token} ``` ``` //list objects aws s3 --profile=s2s ls s3://prod-default-cft/{your-integratio n-name}/ //put object aws s3 --profile=s2s cp {your-file} s3://prod-default-cft/{you r-integration-name}/{your-object-name} //get object aws s3 --profile=s2s cp s3://prod-default-cft/{your-integratio n-name}/{your-object-name} {your-file} ``` # Permissions We permission use for the following operations: `S3:ListObjectsV2`,`S3:GetObject`,`S3:PutObject` On the path: `S3://prod-default-cft/{your-integration-name}/` Note: S3 enforces a 5GB strict file size limit and the policy does not permit the user permission to use multipart uploads. # Lifetime Temporary security credentials are short-term and will expire after one hour. After the credentials expire, AWS no longer recognizes them or allows any kind of access from API requests made with them. When (or even before) the temporary security credentials expire, the user can request new credentials, as long as the user requesting them still has permissions to do so.