Overview
Amazon Simple Storage Service (Amazon S3) is an object storage service that offers industry-leading scalability, data availability, security, and performance. AWS Identity and Access Management (IAM) enables you to manage access to AWS services and resources securely.
Once connection to S3 is set up Cordial can fetch data files from your S3 buckets for import into the Cordial database, as well as export data (such as contacts, activities or analytics). Using S3 for imports and exports allows secure and reliable data transfer between Cordial and your organization.
Set up
To start using import and export data functionality with S3 first you need to configure Amazon S3 marketplace card to establish a connection from Cordial to your S3 bucket. After the marketplace card is configured a new option will appear on data import and export pages within the UI.
Configure Amazon S3 marketplace card
To configure S3 marketplace card, 2 things should be done:
- create AWS role in your AWS account with the permissions required and
- enter role details into AWS Account ID and AWS Role Name fields.
Create AWS role
You need to create an AWS role that will have the required permissions to access the S3 bucket to be used with Cordial. There are two ways to create a role: automatic and manual.
Automatic (recommended):
- On the marketplace card click Automatically create new role button. This opens the AWS Console and loads the CloudFormation stack. All the parameters are pre-filled but one: BucketName.
- Enter the name of the bucket that Cordial will be reading from and writing to. Note the name of the role, which is by default set to CordialS3IntegrationRole .
- Click Create stack and wait until it is created within AWS.
Manual:
- Create a new role in the AWS IAM Console.
- Select Another AWS account for the Role Type.
- For Account ID, enter 063772531253 if your Cordial account is us-west-1 or us-west-2, or 362778264086 if your Cordial account is eu-west-1. This means that you are granting Cordial access to your AWS data.
- Select Require external ID and enter the one generated on the marketplace card. Make sure you leave Require MFA disabled.
- Click Next: Permissions.
- If you’ve already created the policy, search for it on this page and select it, then skip to step 12. Otherwise, click Create Policy, which opens in a new window.
- Select the JSON tab. Use policy snippet below in the textbox.
- Click Next: Tags and Review Policy.
- Name the policy CordialS3IntegrationPolicy or one of your own choosing, and provide an apt description.
- Click Create Policy, then close this window.
- Back in the “Create role” window, refresh the list of policies and select the policy you just created.
- Click Next: Tags and Next: Review.
- Give the role a name such as CordialS3IntegrationRole, as well as an apt description.
- Click Create Role
Policy Snippet
For policy snippet use the following JSON. Make sure to replace <bucketName> with your bucket name or to * to enable access to all buckets:
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"s3:ListBucket",
"s3:GetBucketLocation"
],
"Resource": "arn:aws:s3:::<bucketName>",
"Effect": "Allow"
},
{
"Action": [
"s3:PutObject",
"s3:GetObject",
"s3:GetObjectAttributes",
"s3:DeleteObject"
],
"Resource": "arn:aws:s3:::<bucketName>/*",
"Effect": "Allow"
}
]
}
Enter role details on the marketplace card
After the role is created, enter AWS Account ID, which is your account id, and AWS Role Name which is the name of the role created in AWS. Click Test Connection to verify the set up is complete and save the config. You are ready to import data from and export to S3.
Importing data from S3
To import contacts from S3, the import UI will have S3 source option. After IAM Role authentication is selected, enter the path to your S3 file by specifying AWS bucket, AWS region, and Path fields. The import will use the role that is configured in the marketplace card to access the specified S3 path.
Comments
0 comments
Article is closed for comments.