AWS S3 Authorization
If you have not already done so, you will need to set up an Amazon S3 account before you begin the process described below.
You may authorize in one of two ways:
- Providing your AWS keys - with option to use PGP Encryption
- Delegating Access via AWS IAM
Providing your AWS keys
Follow the steps below to authorize AWS with Lytics using your AWS keys. For more information on obtaining your keys, see Amazon's documentation on secret and access keys.
If you are new to creating authorizations in Lytics, see the Authorizations Dashboard documentation for more information.
- Select Amazon Web Services from the list of providers.
- Select the AWS Keys method for authorization.
- Enter a Label to identify your authorization.
- (Optional) Enter a Description for further context on your authorization.
- Enter your Access Key and Secret Key.
- Click Save Authorization.
AWS Keys with PGP Encryption
To create an authorization with AWS keys and PGP encryption, follow the steps as described above, and then select either the Private or Public PGP Keys option.
- For imports of PGP encrypted files, enter your PGP Private Key
- To encrypt the resulting export file using PGP, enter your PGP Public Key.
Delegating Access via AWS IAM
You can also authorize using AWS Identity and Access Management (IAM). For more information see Amazon's documentation on IAM.
You will need to enter the following policy in your S3 bucket:
{
"Statement": [
{
"Sid": "Grant Lytics Access",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::358991168639:root"
},
"Action": [
"s3:GetBucketLocation",
"s3:ListBucket",
"s3:PutObject",
"s3:GetObject",
"s3:DeleteObject"
],
"Resource": [
"arn:aws:s3:::YOUR_BUCKET",
"arn:aws:s3:::YOUR_BUCKET/*"
]
}
]
}Before you start a job, please let Lytics Support know the name of the bucket you are going to use. This will allow delegated access to the given bucket. When you start the job, just select Use Delegated Access To Lytics with AWS IAM instead of an AWS keys authorization.