
If you are using per-user authentication through an AWS IAM role, you must insert a trust relationship into the role so that the Trifacta® platform can leverage it. 

Pre-requisites:

Please acquire the following information:

  • Account ID: The AWS account identifier that the Trifacta platform should use for access.

    NOTE: This value is provided to you by Trifacta.

    After it has been specified, this value is available for workspace administrators through the Admin console. See AWS Config Page.


  • External ID: The external identifier is set within the Trifacta platform. This value is available for workspace administrators through the Admin console. See AWS Config Page.

  • IAM role: The AWS IAM role that the Trifacta platform should use.

For more information on the AWS Principal options described below, please review https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_principal.html.

Steps:

  1. Log in to the AWS console.
  2. Open the IAM role for use with the Trifacta platform.
  3. Insert the following AWS policy snippet to define the trust relationship for this role:

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Principal": {
            "AWS": "<aws_account_id>"
          },
          "Action": "sts:AssumeRole",
          "Condition": {
            "StringLike": {
              "sts:ExternalId": [
                "<external_id>"
              ]
            }
          }
        }
      ]
    }

    where:

    Setting             Description
    <aws_account_id>    The AWS account identifier for the Trifacta platform
    <external_id>       The external identifier generated by the Trifacta platform

  4. Save the IAM role definition.

    NOTE: The AWS account ID value must be applied to every user profile that requires access through this IAM role. See User Profile Page.
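Before saving, the trust relationship can be checked against the values from the Pre-requisites. The following is an added example, not Trifacta or AWS code: it confirms that the statement names only the expected account, carries an sts:ExternalId condition with the expected value, and contains no wildcard in the external ID, since StringLike treats * and ? as wildcards. The function names, the account ID 111122223333 and the external ID example-external-id are constructed for illustration.

```python
import json

def as_list(value):
    """IAM allows a single value or a list in most policy elements."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def check_trust_policy(policy_json, account_id, external_id):
    """Return a list of findings; an empty list means the checks passed."""
    findings = []
    statements = as_list(json.loads(policy_json).get("Statement"))
    allows = [s for s in statements if s.get("Effect") == "Allow"
              and "sts:AssumeRole" in as_list(s.get("Action"))]
    if not allows:
        findings.append("no Allow statement for sts:AssumeRole")
    # An account principal may be written as the bare ID or as its root ARN.
    accepted = {account_id, f"arn:aws:iam::{account_id}:root"}
    for stmt in allows:
        principal = stmt.get("Principal")
        aws = as_list(principal.get("AWS") if isinstance(principal, dict) else principal)
        if not aws:
            findings.append("no AWS principal")
        findings += [f"unexpected principal: {p}" for p in aws if p not in accepted]
        ids = []
        for op, keys in stmt.get("Condition", {}).items():
            for key, values in keys.items():
                if key.lower() != "sts:externalid":
                    continue
                if op not in ("StringEquals", "StringLike"):
                    findings.append(f"unexpected operator: {op}")
                for v in as_list(values):
                    ids.append(v)
                    # StringLike treats * and ? as wildcards.
                    if op == "StringLike" and ("*" in v or "?" in v):
                        findings.append(f"wildcard in external ID: {v}")
        if not ids:
            findings.append("missing sts:ExternalId condition")
        elif ids != [external_id]:
            findings.append("external ID does not match expected value")
    return findings

# Constructed sample: the page's policy with placeholder values filled in.
SAMPLE = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": {"AWS": "111122223333"},
    "Action": "sts:AssumeRole",
    "Condition": {"StringLike": {"sts:ExternalId": ["example-external-id"]}}}]})

if __name__ == "__main__":
    print(check_trust_policy(SAMPLE, "111122223333", "example-external-id") or "OK")
```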
