AWS Settings Page
In the AWS Settings page, workspace administrators can define the AWS credentials mode for the workspace and apply settings for the selected mode, including selecting the credential provider. From the left menu, select User menu > Admin console > AWS settings.
Note
Before you begin, some information must be gathered from AWS. See Enable Access to S3 and AWS Resources.
Note
This configuration section applies only if the Designer Cloud Powered by Trifacta platform is integrated with Amazon Web Services.
AWS Mode:
Mode | Description |
---|---|
Workspace | In Workspace mode, the workspace administrator applies a single set of AWS credentials for all users in the workspace. These credentials are used by each member of the workspace to authenticate with AWS and to gain access to S3 buckets. Tip: This mode requires more up-front setup but is easy to manage. However, all members of the workspace have the same set of access controls. |
Per User | In Per User mode, individual members of the workspace must apply their AWS credentials to their accounts. Tip: This mode is easy to set up but turns responsibility for access controls over to the individual members. If members encounter problems gaining access to S3 assets, the workspace administrator may not be able to troubleshoot them. |
Credential Provider:
For workspace or per-user mode, the following provider methods can be used to manage authentication with AWS.
Credential Provider | Description |
---|---|
IAM Role | The Designer Cloud Powered by Trifacta platform can use any IAM roles that have been defined for workspace members to access AWS data sources, such as S3 and Redshift. Tip: This credential provider method is recommended. |
AWS Key and Secret | You can apply key and secret combinations to gate access to AWS data sources. These combinations can be applied in workspace mode or in per-user mode by individual members. |
Workspace Mode
In workspace mode, you must select the credential provider and then specify the relevant settings.
Prerequisites:
The IAM roles must include a trust relationship for the Designer Cloud Powered by Trifacta platform. For more information, see Insert Trust Relationship in AWS IAM Role.
If you want workspace members to be able to use the on-boarding walkthrough, they must have access to the Alteryx assets required for the walkthrough. For more information, see Required AWS Account Permissions.
Apply the following settings to define the IAM roles and related settings.
Setting | Description |
---|---|
Account ID | This value is pre-populated when the workspace is created. Note: Do not modify. |
External ID | This value is pre-populated when the workspace is created. Note: Do not modify. |
Available IAM Role ARNs | You can specify the set of IAM Role ARNs from which users can select for their access to AWS resources. Note: These roles cannot be modified if SAML passthrough authentication has been enabled. For more information, see Configure for AWS SAML Passthrough Authentication. |
Select Default IAM Role ARN | From the available IAM Role ARNs, you can specify the default one. |
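An added example, not part of the original page or the product's own code: a check that a role's trust policy trusts the pre-populated Account ID only when the pre-populated External ID is presented. It assumes the trust relationship follows the standard AWS cross-account pattern (account as principal, `sts:ExternalId` condition); the account ID, external ID and function names are constructed for illustration.

```python
import json

def as_list(value):
    """IAM accepts either a single string or a list in these fields."""
    return value if isinstance(value, list) else [value]

def principal_account(principal):
    """Extract the account from an IAM ARN; bare account IDs pass through."""
    parts = principal.split(":")
    return parts[4] if len(parts) >= 6 and parts[0] == "arn" else principal

def check_trust_policy(policy_json, account_id, external_id):
    """Return a list of findings; an empty list means the check passed."""
    findings, matched = [], False
    for stmt in as_list(json.loads(policy_json).get("Statement", [])):
        actions = set(as_list(stmt.get("Action", [])))
        if stmt.get("Effect") != "Allow" or not actions & {"sts:AssumeRole", "sts:*", "*"}:
            continue
        principal = stmt.get("Principal", {})
        aws = as_list(principal.get("AWS", [])) if isinstance(principal, dict) else [principal]
        if "*" in aws:
            findings.append("wildcard principal can assume the role")
            continue
        if account_id not in [principal_account(p) for p in aws]:
            continue  # statement trusts a different party
        matched = True
        cond = stmt.get("Condition", {}).get("StringEquals", {})
        if external_id not in as_list(cond.get("sts:ExternalId", [])):
            findings.append("platform account trusted without matching sts:ExternalId")
    if not matched:
        findings.append("no statement trusts the platform account")
    return findings

# Constructed sample values, not real identifiers.
ACCOUNT_ID, EXTERNAL_ID = "111122223333", "EXAMPLE-EXTERNAL-ID"

def make_policy(principal, condition=None):
    stmt = {"Effect": "Allow", "Principal": {"AWS": principal}, "Action": "sts:AssumeRole"}
    if condition:
        stmt["Condition"] = condition
    return json.dumps({"Version": "2012-10-17", "Statement": [stmt]})

GOOD = make_policy(f"arn:aws:iam::{ACCOUNT_ID}:root",
                   {"StringEquals": {"sts:ExternalId": EXTERNAL_ID}})
NO_EXTERNAL_ID = make_policy(f"arn:aws:iam::{ACCOUNT_ID}:root")

if __name__ == "__main__":
    for name, doc in (("GOOD", GOOD), ("NO_EXTERNAL_ID", NO_EXTERNAL_ID)):
        print(name, check_trust_policy(doc, ACCOUNT_ID, EXTERNAL_ID) or "ok")
```

The check compares the `sts:ExternalId` condition key with exact case, so a policy that spells the key differently is reported as missing the condition and should be reviewed by hand.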
For key-secret authentication to AWS, please specify the following settings.
Note
The AWS key and secret must provide read/write access to the default S3 bucket at least.
The account must have the ListAllMyBuckets ACL among its permissions.
Setting | Description |
---|---|
AWS Access Key | The AWS access key to use. |
AWS Secret Key | The AWS secret associated with the access key. |
Per-User Mode
For per-user mode:
The workspace administrator must specify the encryption settings only. See below.
Individual users configure all of the other AWS access settings through the Storage configuration page.
Common Settings
For key-secret authentication to AWS, please specify the following settings.
Setting | Description |
---|---|
Default S3 bucket | Specify the name of the default S3 bucket. Note: Specify the top-level bucket name only. There should not be any backslashes in your entry. |
Extra S3 buckets | You can specify any additional S3 buckets in a comma-separated list of names. |
The Designer Cloud Powered by Trifacta platform supports the use of server-side encryption when writing results.
Note
When encryption is enabled, all buckets to which you are writing must share the same encryption policy.
Setting | Description |
---|---|
Encryption Type | Supported encryption types: Note If
|
KMS Key ID | If SSE-KMS has been selected, you can paste the KMS Key ID value in this field. |