Skip to main content

AWS S3 as Private Data Storage

Follow this guide to configure your Alteryx Analytics Cloud (AAC) workspace to replace Alteryx Data Storage (ADS) with an instance of Amazon Web Services (AWS) S3 that you own.

Note

Private data handling requires the use of AWS S3 as the default storage layer and is incompatible with the default storage provided by Alteryx. You should set up private data storage soon after creating your workspace and before users start to create datasets. Any datasets created before configuring private data storage will be inaccessible after completing the configuration. For more information, please contact Alteryx Support.

Step 1: Set Up AWS as Private Data Storage

Note

You need the appropriate permissions and access to the AWS Console in order to complete this step. If you don’t have this access, you might need assistance from your IT team to complete this step.

  1. Sign in to your AAC workspace.

  2. Go to Profile menu > Workspace Admin > Private Data Handling > Storage and then select Amazon Web Services S3.

  3. Follow the step-by-step instructions. AAC needs read and write permissions to your S3 bucket in order to use it for workspace storage. You can choose to provide these permissions with an IAM role or IAM user.

You might want to consider provisioning this S3 bucket in the same region as other data sources your company runs in the cloud. This improves performance and reduces egress costs.

Using a Cross-Account Role

If you choose to use a cross-account role, you need to provide the name of your S3 bucket, create a new policy, create an IAM role that Alteryx Analytics CloudAlteryx Analytics Cloud will use, and attach the policy to the role.

You’ll then provide the ARN of the role you just created.

Using Access Keys

If you choose to use access keys, you need to provide the name of your S3 bucket, the access key, and the secret key.

Storage and Encryption

Whether you choose to use roles or access keys, you also have the opportunity to specify additional S3 buckets. Finally, if you've enabled server-side encryption on your S3 bucket, you can select the encryption type you want to use. Private data storage supports both SSE-S3 and SSE-KMS encryption methods. If you are using SSE-KMS, you need to provide the AWS KMS key ID.

When you’re done, select Save.

Step 2: Workspace Settings

Set your private data storage as the default workspace storage and disable the Alteryx-provided base storage option.

  1. From AAC, go to Profile menu > Workspace Admin > Settings and then find the Storage section.

  2. Set Default Storage Environment to S3 Private Data Storage.

  3. Set Alteryx Data Storage (ADS) to Disabled.

  4. Set S3 Private Data Storage option to Enabled.

    Note

    Set Hide Underlying file systems to Users to Enabled to block users from exploring data in S3 Private Data Storage in AACP.

Step 3: Verify

Validate that everything works properly.

  1. From the top navigation bar, select Data.

  2. Select Import Data.

  3. Select Upload on the left navigation panel.

  4. Upload a CSV file from your computer.

This successfully verifies write access to your private data storage. You can verify read access by using your uploaded dataset in a workflow.

Now your workspace is ready to use private data storage. You can move on to setting up your AWS Account and then configuring private data processing.