For Trifacta® Self-Managed Enterprise Edition, you can configure AWS authentication on a per-user basis, using temporary credentials for superior security.
The following parameters must be set:
Set this value to
Each user can specify credentials.
feature.showAWSTemporaryCredentialProviderOption is enabled, then you can authenticate to AWS services from the Trifacta platform using an IAM role:
Configure Per-User Authentication using IAM Role
Please complete the following general steps.
Instance role: Create an IAM role and link it to the EC2 instance where the Trifacta node is hosted. Include the following IAM policy:
User role: Create another IAM role that provides the required access to the S3 buckets. Example:
<my_s3_bucket> is the name of your bucket.
Under the user role definition, edit the Trust relationship. Add the instance role to Principal:
For more information, see Insert Trust Relationship in AWS IAM Role.
- For more granular control over the Trust relationship, see https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_principal.html.
Log in to the Trifacta platform as a Trifacta admin.
- Click the link to specify storage settings. Populate the values for:
- IAM role
- Role ARN
- S3 Bucket Name
Save your changes.
After per-user authentication has been enabled, each user must provide or be provided the IAM role and S3 bucket to use. Users can insert a default S3 bucket and IAM role to use for temporary credentials in their profiles. See User Profile Page.
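A check for the Trust relationship step above, as an added example that is not code from Trifacta or AWS: it inspects a user role's trust policy and reports every principal other than the instance role that is allowed to assume it. The account ID, the role name and both sample policies are constructed placeholders.

```python
import fnmatch

# Constructed sample values: the account ID and role name are placeholders.
INSTANCE_ROLE_ARN = "arn:aws:iam::111122223333:role/example-instance-role"
GOOD_TRUST = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": "sts:AssumeRole",
    "Principal": {"AWS": INSTANCE_ROLE_ARN}}]}
BROAD_TRUST = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": "sts:*",
    "Principal": {"AWS": ["arn:aws:iam::111122223333:root", "*"]}}]}

def _as_list(value):
    """IAM accepts a single value or a list in these fields."""
    return value if isinstance(value, list) else [value]

def _allows_assume_role(statement):
    """True if an Allow statement covers sts:AssumeRole (wildcards included)."""
    if statement.get("Effect") != "Allow":
        return False
    return any(fnmatch.fnmatchcase("sts:assumerole", str(a).lower())
               for a in _as_list(statement.get("Action", [])))

def check_trust_policy(trust_policy, instance_role_arn):
    """Return findings; an empty list means only the instance role is trusted."""
    findings, trusted = [], False
    for stmt in _as_list(trust_policy.get("Statement", [])):
        if not _allows_assume_role(stmt):
            continue
        principal = stmt.get("Principal", {})
        if principal == "*":  # shorthand form of the wildcard principal
            principal = {"AWS": "*"}
        for kind, values in principal.items():
            for value in _as_list(values):
                if kind == "AWS" and value == instance_role_arn:
                    trusted = True
                elif value == "*":
                    findings.append("wildcard principal: not limited to the instance role")
                elif kind == "AWS" and value.endswith(":root"):
                    findings.append(f"whole account trusted, not just the instance role: {value}")
                else:
                    findings.append(f"unexpected {kind} principal: {value}")
    if not trusted:
        findings.append("instance role is not listed as a trusted principal")
    return findings

if __name__ == "__main__":
    for name, doc in (("good", GOOD_TRUST), ("broad", BROAD_TRUST)):
        print(name, check_trust_policy(doc, INSTANCE_ROLE_ARN))
```

The check ignores Condition blocks and NotPrincipal, so a finding means the statement needs a manual look rather than that access is certain.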