Skip to content

Commit d5d733f

Browse files
committed
adding more information + image
1 parent 6e74d40 commit d5d733f

File tree

2 files changed

+60
-4
lines changed

2 files changed

+60
-4
lines changed

src/connections/destinations/catalog/actions-s3/index.md

Lines changed: 60 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -38,13 +38,69 @@ Ensure you have the following in place before configuring the AWS S3 (Actions) d
3838

3939
- Amazon S3 Bucket: Create a bucket in your AWS account or use an existing one where you want to store the event data.
4040
- AWS IAM Permissions: Verify that you have appropriate IAM roles with write access to the S3 bucket and permissions for the Segment connection.
41-
- Access Keys: Prepare your AWS Access Key ID and Secret Access Key. These will be needed to authenticate Segment with your S3 bucket.
42-
43-
44-
## Create a new destination
41+
- IAM Access IDs: Prepare your AWS IAM ARN ID and IAM External ID. These will be needed to authenticate and authorize Segment with your S3 bucket.
4542

4643

4744
### Create an IAM role in the AWS console
45+
To setup the IAM role to properly authorize Segment with the AWS S3 (Actions) destination, follow the steps below.
46+
47+
1. Login to your AWS account
48+
2. Create a new or use an existing bucket with `PutObject`, `GetObject`, `ListObject` access to the S3 bucket.
49+
3. Go to IAM > Roles > Create Role
50+
4. Provide the following policy permissions for the IAM that was just created:
51+
```json
52+
{
53+
"Version": "2012-10-17",
54+
"Statement": [
55+
{
56+
"Sid": "PutObjectsInBucket",
57+
"Effect": "Allow",
58+
"Action": [
59+
"s3:PutObject",
60+
"s3:PutObjectAcl"
61+
],
62+
"Resource": "arn:aws:s3:::<YOUR_BUCKET_NAME>/*"
63+
}
64+
]
65+
}
66+
```
67+
5. Click on the Trust Relationships tab and edit the trust policy to allow the IAM user to assume the role (If a user is not already created, please refer to the AWS documentation to create a user)
68+
```json
69+
{
70+
"Version": "2012-10-17",
71+
"Statement": [
72+
{
73+
"Sid": "",
74+
"Effect": "Allow",
75+
"Principal": {
76+
"AWS":
77+
"arn:aws:iam::595280932656:role/customer-s3-dev-action-destination-access",
78+
"arn:aws:iam::595280932656:role/customer-s3-prod-action-destination-access"
79+
},
80+
"Action": "sts:AssumeRole",
81+
"Condition": {
82+
"StringEquals": {
83+
"sts:ExternalId": "<YOUR_EXTERNAL_ID>"
84+
}
85+
}
86+
}
87+
]
88+
}
89+
```
90+
## Add AWS S3 (Actions) Destination in Segment
91+
To finish configuration, enable the AWS S3 (Actions) Destination in your workspace.
92+
93+
1. Add the **AWS S3 (Actions)** destination from the Destinations tab of the catalog.
94+
![AWS S3](images/aws-s3-catalog.png)
95+
2. Select the data source you'll connect to the destination.
96+
3. Provide a unique name for the destination.
97+
4. Complete the destination settings:
98+
1. Enter the name of the region in which the bucket you created above resides.
99+
2. Enter the name of the bucket you created above. Be sure to enter the bucket's **name** and not URI.
100+
3. Enter the ARN of the IAM role you created above. The ARN should follow the format `arn:aws:iam::ACCOUNT_ID:role/ROLE_NAME.`
101+
4. Enter the IAM External ID, which is a value set in the Trust Relationship under your AWS IAM Role.
102+
5. Enable the destination.
103+
6. Verify Segment data is stored in the S3 bucket by navigating to the `<your_S3_bucket>/` in the AWS console.
48104

49105

50106
### Build Configuration Mappings
218 KB
Loading

0 commit comments

Comments
 (0)