Page tree

Trifacta SaaS



Contents:

   

If you are using per-user authentication through an AWS IAM role, you must insert a trust relationship into the role so that  Trifacta® can leverage it. 

Feature Availability: This feature may not be available in all product editions.

Prerequisites:

NOTE: These steps should be performed by an AWS administrator.

Please acquire the following information:

  • Account ID: The AWS account identifier that Trifacta should use for access.

    NOTE: This value is provided to you by Alteryx.

    After it has been specified, this value is available for workspace administrators through the Admin console. See AWS Settings Page.

  • External ID:The external identifier is set within Trifacta. This value is available for workspace administrators through the Admin console. See AWS Settings Page.

  • IAM role: The AWS IAM role that Trifacta should use.

For more information on the AWS Principal options described below, please review https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_principal.html.

Steps:

  1. Login to the AWS console.
  2. Open the IAM role for use with Trifacta
  3. Insert the following AWS policy snippet to define the trust relationship for this role:

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Principal": {
            "AWS": "<aws_account_id>"
          },
          "Action": "sts:AssumeRole",
          "Condition": {
            "StringLike": {
              "sts:ExternalId": [
                "<external_id>"
              ]
            }
          }
        }
      ]
    }

    where:

    SettingDescription
    <aws_account_id>

    The AWS account identifier for Trifacta

    <external_id>

    The external identifier generated by Trifacta

  4. Save the IAM role definition.

    NOTE: The AWS account ID value must be applied to every user profile that requires access through this IAM role. See User Profile Page.

See Also for Insert Trust Relationship in AWS IAM Role:

This page has no comments.