Expand my Community achievements bar.

Make It Easier For A Team To Share S3 Location Configurations

Avatar

Level 1

4/22/24

Description - We are trying to move away from the legacy S3 configuration to the newer option, where you can use an IAM role for Adobe to assume when delivering S3 files. This reduces the amount of maintenance from our end in supporting access keys/secret keys. However, it seems like when configuring export locations, those can only be seen by the creator. As a team with multiple users using the UI, it'd be nice for everyone to have access to the same info.

Why is this feature important to you - It'd allow us to easily reconfigure our feeds via this method

How would you like the feature to work - See everyone (or at least everyone within our group)'s export locations when configuring or changing feeds.

Current Behaviour - This is only exposed at a user level

9 Comments

Avatar

Employee

4/22/24

Hi @MatthewWe3,

The feature to establish a S3 destination connection using the IAM role is available.

The Amazon S3 destination supports two authentication methods:

  • Access key and secret key authentication
  • Assumed role authentication

Documentation link- https://experienceleague.adobe.com/en/docs/experience-platform/destinations/catalog/cloud-storage/am...

 

Regards,

Kumar Saurabh

Avatar

Level 1

4/23/24

Yes, I understand that. The issue is when I create a connection, only I have access to it. I want others on my team to be able to access it as well so they can continue to modify feeds as necessary when I'm eventually gone.

Avatar

Level 3

4/23/24

Hi @MatthewWe3 , If other folks in your team have privileges to export to a destination in AEP then they can access this destination as well. Now the thing is what fields need to be exported to destination output and that remains same for all the exports for that destination. 

 

If you have a requirement to export different sets of fields for each feeds then you need to configure multiple destinations using the same IAM role. In this case each destination should corresponds to a particular feed which its own set of fields which needs to be exported.

 

Regards,

Prateek

Avatar

Level 1

4/23/24

Apologies if I'm not being clear enough. They have the ability to create connections as well, confirmed. What's missing is that they can't see my connections, and I can't see theirs. If we can fix the permissions around that, it'd be really helpful for us.

Avatar

Level 3

4/23/24

I am not sure how this is possible unless you all have different permissions. For destinations you all need to have permissions like this:

 

PrateekGarg_0-1713893994819.png

 

Avatar

Level 1

5/30/24

Hey @MatthewWe3 , I am too trying to setup a data feed using the Amazon S3 location type that uses IAM role for authentication and authorization. 

 

Can you let me know how did you configure the trust relations between adobe and the destination aws account. From what I understand, the IAM role needs information about the source account and user to configure the trust relations. 

 

Thanks.

Avatar

Level 1

5/30/24

Thanks @MatthewWe3 for the quick response, here in the document, it's mentioned that the "User ARN" is provided by Adobe. This user arn is something I need to configure the trust relation in the IAM role in the destination account.

 

However, I am not sure where I can get this "User ARN", is it something I need to contact the adobe support team or is it something I can find on adobe analytics console.