Skip to main content
This guide provides the configuration parameters for connecting RisingWave to the object storage backend for your Apache Iceberg data. These parameters are used in the WITH clause when creating an Iceberg source, sink, or connection.

S3-compatible storage

These parameters configure the connection to an S3-compatible storage system, such as AWS S3 or MinIO, where your Iceberg data files are stored.
ParameterDescription
warehouse.pathRequired. The base path to your Iceberg warehouse. Example: 's3://my-bucket/iceberg-warehouse'
s3.regionRequired. The AWS region where the bucket is hosted.
s3.access.keyConditional. The AWS access key ID.
s3.secret.keyConditional. The AWS secret access key.
s3.iam_role_arnOptional. The IAM role ARN to assume for S3 access via STS. When set, the S3 FileIO layer assumes the specified role instead of using only the access key/secret pair, enabling tighter separation between object store access and other AWS permissions.
s3.endpointOptional. The endpoint for S3-compatible services like MinIO. For AWS S3, this is typically not needed.
s3.path.style.accessOptional. Set to true to use path-style access (e.g., for MinIO). Defaults to false for virtual-hosted–style access.
In RisingWave Cloud, AWS credentials (s3.access.key, s3.secret.key) are required and cannot be omitted. In self-hosted deployments, you may omit them to rely on the AWS SDK default credential chain (for example, EC2 instance profile or environment variables).

Google Cloud Storage (GCS)

These parameters configure the connection to Google Cloud Storage.
Support for GCS was added in RisingWave v2.3.0.
ParameterDescription
warehouse.pathRequired. The GCS path to your warehouse. Example: 'gs://my-bucket/iceberg-warehouse'
gcs.credentialOptional. The Base64-encoded credential key from a GCS service account JSON file. If not provided, Application Default Credentials (ADC) will be used.
Example
CREATE SINK my_iceberg_sink FROM my_mv WITH (
    connector = 'iceberg',
    type = 'append-only',
    catalog.type = 'rest',
    catalog.uri = 'http://127.0.0.1:8181',
    warehouse.path = 'gs://my-bucket/warehouse',
    gcs.credential = '...'
);

Azure Blob Storage

These parameters configure the connection to Azure Blob Storage.
Support for Azure Blob Storage was added in RisingWave v2.4.0.
ParameterDescription
warehouse.pathRequired. The Azure Blob Storage path. Example: 'azblob://container-name/warehouse'
azblob.account_nameRequired. The Azure Storage account name.
azblob.account_keyRequired. The Azure Storage account key.
azblob.endpoint_urlOptional. The endpoint URL for the Azure Blob service. Defaults to https://<account_name>.blob.core.windows.net/.
Example
CREATE SINK my_iceberg_sink FROM my_mv WITH (
    connector = 'iceberg',
    type = 'append-only',
    catalog.type = 'storage',
    warehouse.path = 'azblob://my-container/warehouse',
    azblob.account_name = 'myaccount',
    azblob.account_key = '...'
);

Azure Data Lake Storage Gen2 (ADLS)

These parameters configure the connection to Azure Data Lake Storage Gen2.
Support for ADLS was added in RisingWave v2.5.0. ADLS can only be used with REST catalog.
ParameterDescription
warehouse.pathRequired. The warehouse path. This is typically just the name of the container or a relative path.
adlsgen2.account_nameRequired. The Azure Storage account name.
adlsgen2.account_keyRequired. The Azure Storage account key. Alternatively, you can use client credentials (client ID, client secret, tenant ID) configured in your REST catalog.
adlsgen2.endpointOptional. The endpoint URL for ADLS. Defaults to https://<account_name>.dfs.core.windows.net/.
Example
CREATE SINK my_iceberg_sink FROM my_mv WITH (
    connector = 'iceberg',
    type = 'upsert',
    primary_key = 'id',
    catalog.type = 'rest',
    catalog.uri = 'http://127.0.0.1:8181/catalog/',
    catalog.name = 'demo',
    warehouse.path = 'test',
    database.name = 'my_database',
    table.name = 'my_table',
    adlsgen2.account_name = 'myaccount',
    adlsgen2.account_key = '...'
);