AWS Account Page
Note
This feature may not be available in all product editions. For more information on available features, see Compare Editions.
In the AWS Account page, you can review and modify your credentials to access the S3 default storage layer. In the Connections page, click AWS Account.
Note
This section applies to using S3 as the default storage layer. Before you begin, some information must be gathered from AWS. See Enable Access to S3 and AWS Resources.
Overview
Authentication modes
Name | Mode | Description |
|---|---|---|
Workspace mode | All users in the workspace share the same AWS credentials | In Workspace mode, the workspace administrator applies a single set of AWS credentials for all users in the workspace. These credentials are used by each member of the workspace to authenticate with AWS and to gain access to S3 buckets. Tip This mode requires more up-front setup but is easy to manage. However, all members of the workspace have the same set of access controls. |
User mode | Each user in the workspace can use their own credentials | In Per User mode, individual members of the workspace must apply their AWS credentials to their accounts. Note This feature may not be available in all product editions. For more information on available features, see Compare Editions. Tip This mode is easy to set up but turns responsibility for access controls over to the individual members. If members encounter problems gaining access to S3 assets, the workspace administrator may not be able to troubleshoot them. For per-user mode:
|
Authentication method
The following methods can be used to manage authentication with AWS.
Credential Provider | Description |
|---|---|
Use a cross-account role (IAM role) | The Alteryx Analytics Cloud can use any IAM roles that have been defined for workspace members to access AWS data sources, such as S3 and Redshift. Tip This credential provider method is recommended. |
Use access keys | You can apply key and secret access key combinations to gate access to AWS data sources. These access keys can be applied in workspace mode or in per-user mode by individual members. |
Use a Cross-Account Role - Create an IAM Policy
After you select a cross-account role, you must specify an IAM policy and apply it to the workspace.
Prerequisites:
Any IAM role in use must include a trust relationship for the Alteryx Analytics Cloud. For more information, see Insert Trust Relationship in AWS IAM Role.
If you want workspace members to be able to use the on-boarding walkthrough, they must have access to the Alteryx assets required for the walkthrough. For more information, see Required AWS Account Permissions.
Copy policy
Choose an S3 bucket: Enter the name of your S3 bucket.
Tip
This value specifies your default S3 bucket and referenced in the IAM policy that is displayed.
Follow the instructions to copy the specified policy to the clipboard.
Create IAM role
You can follow the instructions on-screen to define an IAM role that uses your new policy.
Fields:
Setting | Description |
|---|---|
Account ID | This value is pre-populated when the workspace is created. Note Do not modify. |
External ID | This value is pre-populated when the workspace is created. Note Do not modify. |
Copy the IAM role ARN from the AWS console and paste it into the textbox.
Use Access Keys - Provide Your AWS Credentials
For key-secret authentication to AWS, please specify the following settings.
Note
The AWS key and secret must provide read/write access to the default S3 bucket at least.
The account must have the ListAllMyBuckets ACL among its permissions.
Setting | Description |
|---|---|
AWS access key | The AWS access key to use. |
AWS secret key | The AWS secret associated with the access key. |
Storage and encryption
S3 Buckets
For key-secret authentication to AWS, please specify the following settings.
Setting | Description |
|---|---|
Default S3 bucket for uploaded files, temporary files, and job results | Specify the name of the default S3 bucket. Note Specify the top-level bucket name only. There should not be any backslashes in your entry. |
Additional S3 buckets | You can specify any additional S3 buckets in a comma-separated list of names. |
Encryption type
The Alteryx Analytics Cloud supports the use of server-side encryption when writing results.
Note
When encryption is enabled, all buckets to which you are writing must share the same encryption policy.
Setting | Description |
|---|---|
Encryption Type | Supported encryption types: Note If
|
KMS key ID | If SSE-KMS has been selected, you can paste the KMS Key ID value in this field. |