New

Make It Easier For A Team To Share S3 Location Configurations

Forum|Forum|1 year ago
April 22, 2024
9 replies
2705 views

Description - We are trying to move away from the legacy S3 configuration to the newer option, where you can use an IAM role for Adobe to assume when delivering S3 files. This reduces the amount of maintenance from our end in supporting access keys/secret keys. However, it seems like when configuring export locations, those can only be seen by the creator. As a team with multiple users using the UI, it'd be nice for everyone to have access to the same info.

Why is this feature important to you - It'd allow us to easily reconfigure our feeds via this method

How would you like the feature to work - See everyone (or at least everyone within our group)'s export locations when configuring or changing feeds.

Current Behaviour - This is only exposed at a user level

K

Kumar29917170hcyp

Adobe Employee

Hi @matthewwe3,

The feature to establish a S3 destination connection using the IAM role is available.

The Amazon S3 destination supports two authentication methods:

Access key and secret key authentication
Assumed role authentication

Documentation link- https://experienceleague.adobe.com/en/docs/experience-platform/destinations/catalog/cloud-storage/amazon-s3#authenticate

Regards,

Kumar Saurabh

M

MatthewWe3Author

Yes, I understand that. The issue is when I create a connection, only I have access to it. I want others on my team to be able to access it as well so they can continue to modify feeds as necessary when I'm eventually gone.

P

Prateek-Garg

Level 2

Hi @matthewwe3 , If other folks in your team have privileges to export to a destination in AEP then they can access this destination as well. Now the thing is what fields need to be exported to destination output and that remains same for all the exports for that destination.

If you have a requirement to export different sets of fields for each feeds then you need to configure multiple destinations using the same IAM role. In this case each destination should corresponds to a particular feed which its own set of fields which needs to be exported.

Regards,

Prateek

M

MatthewWe3Author

Apologies if I'm not being clear enough. They have the ability to create connections as well, confirmed. What's missing is that they can't see my connections, and I can't see theirs. If we can fix the permissions around that, it'd be really helpful for us.

P

Prateek-Garg

Level 2

I am not sure how this is possible unless you all have different permissions. For destinations you all need to have permissions like this:

R

RohitJa6

Hey @matthewwe3 , I am too trying to setup a data feed using the Amazon S3 location type that uses IAM role for authentication and authorization.

Can you let me know how did you configure the trust relations between adobe and the destination aws account. From what I understand, the IAM role needs information about the source account and user to configure the trust relations.

Thanks.

M

MatthewWe3Author

I followed the documentation for that: https://experienceleague.adobe.com/en/docs/analytics/export/analytics-data-feed/create-feed. So long as the trust is there between the service user Adobe has and your role, it should work as expected.

R

RohitJa6

Thanks @matthewwe3 for the quick response, here in the document, it's mentioned that the "User ARN" is provided by Adobe. This user arn is something I need to configure the trust relation in the IAM role in the destination account.

However, I am not sure where I can get this "User ARN", is it something I need to contact the adobe support team or is it something I can find on adobe analytics console.

M

MatthewWe3Author

You can find it in the console if you try to create a configuration. That's what you need to establish the trust with.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded