- System mode: One set of credentials is used for each user of the platform to authenticate to AWS.
User mode: Individual user accounts must be configured with AWS credentials.
NOTE: This section covers how to manage AWS credentials for individual users (user mode). When in system mode, please manage AWS configuration through the application.
|credential provider type|
For user mode, the following types of credential provider are supported:
(credential provider type is
|key/secret||(credential provider type is |
|default bucket||The default S3 bucket where the user can upload data and store generated results|
|extra buckets||Any extra S3 buckets to which the user should have access|
The above pieces of information must be provided for each user. To facilitate, the Designer Cloud powered by Trifacta platform
awsConfig object, which contains all of the above information. An awsConfig object is a set of AWS configuration properties that can be created, modified, and assigned to individual users via API. This workflow steps through that process.
- Acquire information.
- Create an
Modify the object as needed.
- Locate the internal identifier for the user to which to assign the configuration object.
- Assign the
awsConfigobject to a user.
- Verify that the assignment is working.
Step - Acquire information
Acquire all of the information listed above for the awsConfig object you wish to create. In this example, the credential provider type is set to
temporary, which means that authentication is determined by an IAM role.
Step - Create awsConfig object
Create the AWS configuration object.
Checkpoint: In the above, the awsConfig object has an internal identifier (
id=6). Retain this information for later.
For more information, see API AWSConfigs Create v4.
Step - Modify awsConfig object
Suppose you realize that there is missing extra bucket (
extra-bucket3) and that the role you specified is incorrect. You can use the following method to modify the created configuration object.
NOTE: When modifying an awsConfig object, you only need to include the parameters that you are modifying in the request. You must include the full value of the parameters, so all buckets must be listed in the following example.
Step - Locate user
Now, you need to locate the internal identifier for the user to which you wish to assign this AWS configuration.
Checkpoint: In the above, you noticed that userId=2 is associated with awsConfig object id=1. Retain this userId for later.
For more information, see API AWSConfigs Put v4.
Step - Assign awsConfig to User
Now, you can assign the awsConfig (id=6) to the user you identified in the previous step (userId=2)
Checkpoint: User id=2 now uses awsConfig id=6 to authenticate and connect to AWS resources.
Step - Verify Authentication
To verify that the above configuration works:
- User id=2 to should login to the application.
- User uploads assets through the Import Data page.
- User creates a short recipe that modifies these assets.
- User runs a job on that recipe to generate output to the default S3 bucket in CSV or JSON for downloading.
- User verifies that the results can be downloaded.
Checkpoint: You're done.
This page has no comments.