Adobe Experience Platform Data Collection

MatthewWe3 · 4/22/24

Description - We are trying to move away from the legacy S3 configuration to the newer option, where you can use an IAM role for Adobe to assume when delivering S3 files. This reduces the amount of maintenance from our end in supporting access keys/secret keys. However, it seems like when configuring export locations, those can only be seen by the creator. As a team with multiple users using the UI, it'd be nice for everyone to have access to the same info.

Why is this feature important to you - It'd allow us to easily reconfigure our feeds via this method

How would you like the feature to work - See everyone (or at least everyone within our group)'s export locations when configuring or changing feeds.

Current Behaviour - This is only exposed at a user level

Kumar_Saurabh_ · 4/22/24

Hi @MatthewWe3,

The feature to establish a S3 destination connection using the IAM role is available.

The Amazon S3 destination supports two authentication methods:

Access key and secret key authentication
Assumed role authentication

Documentation link- https://experienceleague.adobe.com/en/docs/experience-platform/destinations/catalog/cloud-storage/am...

Regards,

Kumar Saurabh

MatthewWe3 · 4/23/24

Yes, I understand that. The issue is when I create a connection, only I have access to it. I want others on my team to be able to access it as well so they can continue to modify feeds as necessary when I'm eventually gone.

Prateek-Garg · 4/23/24

Hi @MatthewWe3 , If other folks in your team have privileges to export to a destination in AEP then they can access this destination as well. Now the thing is what fields need to be exported to destination output and that remains same for all the exports for that destination.

If you have a requirement to export different sets of fields for each feeds then you need to configure multiple destinations using the same IAM role. In this case each destination should corresponds to a particular feed which its own set of fields which needs to be exported.

Regards,

Prateek

MatthewWe3 · 4/23/24

Apologies if I'm not being clear enough. They have the ability to create connections as well, confirmed. What's missing is that they can't see my connections, and I can't see theirs. If we can fix the permissions around that, it'd be really helpful for us.

Prateek-Garg · 4/23/24

I am not sure how this is possible unless you all have different permissions. For destinations you all need to have permissions like this:

RohitJa6 · 5/30/24

Hey @MatthewWe3 , I am too trying to setup a data feed using the Amazon S3 location type that uses IAM role for authentication and authorization.

Can you let me know how did you configure the trust relations between adobe and the destination aws account. From what I understand, the IAM role needs information about the source account and user to configure the trust relations.

Thanks.

MatthewWe3 · 5/30/24

I followed the documentation for that: https://experienceleague.adobe.com/en/docs/analytics/export/analytics-data-feed/create-feed. So long as the trust is there between the service user Adobe has and your role, it should work as expected.

RohitJa6 · 5/30/24

Thanks @MatthewWe3 for the quick response, here in the document, it's mentioned that the "User ARN" is provided by Adobe. This user arn is something I need to configure the trust relation in the IAM role in the destination account.

However, I am not sure where I can get this "User ARN", is it something I need to contact the adobe support team or is it something I can find on adobe analytics console.

MatthewWe3 · 5/30/24

You can find it in the console if you try to create a configuration. That's what you need to establish the trust with.

Adobe Experience Platform Data Collection

Make It Easier For A Team To Share S3 Location Configurations

Learn

Documentation

Community

Support

Resources

Adobe account

Adobe