If you are using per-user authentication through an AWS IAM role, you must insert a trust relationship into the role so that the Trifacta® platform can leverage it. 

Pre-requisites:

Please acquire the following information:



  • IAM role: The AWS IAM role that the Trifacta platform should use.

  • EC2 instance role: If the EC2 instance role is to be used to assume the AWS role, then please acquire the following:

    • AWS account ID
    • EC2 instance role
    • Details on the above are listed below.

For more information on the AWS Principal options described below, please review https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_principal.html.

Steps:

  1. You can apply this change through the Admin Settings Page (recommended) or trifacta-conf.json. For more information, see Platform Configuration Methods.
  2. Locate the following parameter and retrieve its value (true or false):

    "aws.ec2InstanceRoleForAssumeRole"
  3. Log in to the AWS console.
  4. Open the IAM role for use with the Trifacta platform.
  5. If aws.ec2InstanceRoleForAssumeRole=true, then the EC2 instance role is used for assuming the provided AWS role. Paste the following into the IAM role for the trust relationship:

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Principal": {
            "AWS": [
               "arn:aws:iam::<awsAccountId>:role/<ec2InstanceRole>"
            ]
          },
          "Action": "sts:AssumeRole"
        }
      ]
    }

    | Property | Description |
    | --- | --- |
    | <awsAccountId> | AWS account identifier for which the EC2 instance role is assumed |
    | <ec2InstanceRole> | EC2 instance role to use |
  6. If aws.ec2InstanceRoleForAssumeRole=false, then the AWS user associated with the provided AWS key and secret is used to assume the role. Paste the following into the IAM role for the trust relationship, replacing the sample user ARN with the ARN of that AWS user:

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Principal": {
            "AWS": [
              "arn:aws:iam::862753480162:user/sample-user"
            ]
          },
          "Action": "sts:AssumeRole"
        }
      ]
    }
  7. Save the IAM role definition.
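
Before saving, the trust relationship JSON can be checked offline. The following Python sketch is an added example, not part of the Trifacta platform or its documentation; the function name `check_trust_policy` and its rules are assumptions made here. It flags placeholders left unfilled and principals broader than the single role or user that steps 5 and 6 call for.

```python
import json
import re

# One exact IAM role or user ARN: 12-digit account ID, then role/ or user/ and a name.
ARN_RE = re.compile(r"^arn:aws:iam::\d{12}:(role|user)/[\w+=,.@/-]+$")

def check_trust_policy(policy_json, expected_type):
    """Return a list of problems in a trust policy (empty list means none found).

    expected_type: "role" if aws.ec2InstanceRoleForAssumeRole=true, "user" if false.
    """
    problems = []
    statements = json.loads(policy_json).get("Statement", [])
    if isinstance(statements, dict):  # IAM also accepts a single statement object
        statements = [statements]
    allows = [s for s in statements if s.get("Effect") == "Allow"]
    if not allows:
        problems.append("no Allow statement")
    for stmt in allows:
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        if "sts:AssumeRole" not in actions:
            problems.append("statement does not allow sts:AssumeRole")
        principal = stmt.get("Principal")
        if principal == "*":
            problems.append("wildcard principal: any AWS identity may assume the role")
            continue
        arns = principal.get("AWS", []) if isinstance(principal, dict) else []
        arns = [arns] if isinstance(arns, str) else arns
        if not arns:
            problems.append("no AWS principal listed")
        for arn in arns:
            if "<" in arn or ">" in arn:
                problems.append(f"unfilled placeholder in {arn}")
            elif arn == "*" or arn.endswith(":root") or re.fullmatch(r"\d{12}", arn):
                problems.append(f"principal {arn} is broader than one {expected_type}")
            elif not (m := ARN_RE.match(arn)):
                problems.append(f"not an IAM role or user ARN: {arn}")
            elif m.group(1) != expected_type:
                problems.append(f"expected a {expected_type} ARN, got {arn}")
    return problems

# Constructed sample: the step 5 template pasted with its placeholders left in.
SAMPLE = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": ["arn:aws:iam::<awsAccountId>:role/<ec2InstanceRole>"]},
    "Action": "sts:AssumeRole"}]})

if __name__ == "__main__":
    for problem in check_trust_policy(SAMPLE, "role"):
        print("PROBLEM:", problem)
```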
