Contents:
If you are using per-user authentication through an AWS IAM role, you must insert a trust relationship into the role so that the Designer Cloud Powered by Trifacta platform can leverage it.
Prerequisites:
NOTE: These steps should be performed by an AWS administrator.
Please acquire the following information:
Account ID: The AWS account identifier that the Designer Cloud Powered by Trifacta platform should use for access.
NOTE: This value is provided to you by Alteryx Inc..
After it has been specified, this value is available for workspace administrators through the Admin console. See AWS Config Page.
- External ID:The external identifier is set within the Designer Cloud Powered by Trifacta platform. This value is available for workspace administrators through the Admin console. See AWS Config Page.
- IAM role: The AWS IAM role that the Designer Cloud Powered by Trifacta platform should use.
For more information on the AWS Principal options described below, please review https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_principal.html.
Steps:
- Login to the AWS console.
- Open the IAM role for use with the Designer Cloud Powered by Trifacta platform.
Insert the following AWS policy snippet to define the trust relationship for this role:
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "AWS": "<aws_account_id>" }, "Action": "sts:AssumeRole", "Condition": { "StringLike": { "sts:ExternalId": [ "<external_id>" ] } } } ] }where:
Setting Description <aws_account_id>The AWS account identifier for the Designer Cloud Powered by Trifacta platform
<external_id>The external identifier generated by the Designer Cloud Powered by Trifacta platform
Save the IAM role definition.
NOTE: The AWS account ID value must be applied to every user profile that requires access through this IAM role. See User Profile Page.
This page has no comments.