In the AWS Settings page, workspace administrators can define the AWS credentials mode for the workspace and apply settings for the selected mode, including selecting the credential provider. From the left menu, select User menu > Admin console > AWS settings.


Overview

Mode:

Mode | Description
All users in the workspace share the same AWS credentials

In Workspace mode, the workspace administrator applies a single set of AWS credentials for all users in the workspace. These credentials are used by each member of the workspace to authenticate with AWS and to gain access to S3 buckets.

Tip: This mode requires more up-front setup but is easy to manage. However, all members of the workspace have the same set of access controls.

Each user in the workspace can use their own credentials

In Per User mode, individual members of the workspace must apply their AWS credentials to their accounts.

Feature Availability: This feature is available in Trifacta Enterprise Edition only.


Tip: This mode is easy to set up but turns responsibility for access controls over to the individual members. If members encounter problems gaining access to S3 assets, the workspace administrator may not be able to troubleshoot them.

Authentication method:

For workspace or per-user mode, the following methods can be used to manage authentication with AWS. 

Credential Provider | Description
Use a cross-account role (IAM role)

Trifacta SaaS can use any IAM roles that have been defined for workspace members to access AWS data sources, such as S3 and Redshift.

Tip: This credential provider method is recommended.

Use access keys

You can apply key and secret access key combinations to gate access to AWS data sources. These access keys can be applied in workspace mode or in per-user mode by individual members.

Workspace Mode

In Workspace mode, you must select the credential provider and then specify the relevant settings.

IAM Role Settings

Prerequisites:

Apply the following settings to define the IAM roles and related settings.

Setting | Description
Account ID

This value is pre-populated when the workspace is created.

NOTE: Do not modify.

External ID

This value is pre-populated when the workspace is created.

NOTE: Do not modify.

Available IAM Role ARNs

You can specify the set of IAM Role ARNs from which users can select for their access to AWS resources.

Default IAM Role ARN

From the available IAM Role ARNs, you can specify the default one.

AWS Key and Secret Settings

For key-secret authentication to AWS, please specify the following settings.

NOTE: The AWS key and secret must provide, at a minimum, read/write access to the default S3 bucket.

The account must have the ListAllMyBuckets ACL among its permissions.

Setting | Description

AWS access key

The AWS access key to use.

AWS secret key

The AWS secret associated with the access key.

Per-User Mode

For per-user mode:

  • The workspace administrator must specify only the encryption settings. See below.
  • Individual users configure all of the other AWS access settings through the Storage configuration page. See Storage Config Page.

Storage and encryption

S3 Buckets

For key-secret authentication to AWS, please specify the following settings.

Setting | Description
Default S3 bucket for uploaded files, temporary files, and job results

Specify the name of the default S3 bucket.

NOTE: Specify the top-level bucket name only. There should not be any backslashes in your entry.

Additional S3 buckets

You can specify any additional S3 buckets in a comma-separated list of names.

Encryption type

Trifacta SaaS supports the use of server-side encryption when writing results.

NOTE: When encryption is enabled, all buckets to which you are writing must share the same encryption policy.

Setting | Description
Encryption Type

Supported encryption types:

  • None
  • SSE-S3
  • SSE-KMS

KMS key ID

If SSE-KMS has been selected, you can paste the KMS Key ID value in this field.
