...
Instance role: Create an IAM role and link it to the EC2 instance where the
is hosted. Include the following IAM policy:D s node Code Block { "Version": "2012-10-17", "Statement": [ { "Sid": "VisualEditor0", "Effect": "Allow", "Action": "sts:AssumeRole", "Resource": "arn:aws:iam::*:role/*" } ] }User role: Create another IAM role and provides required access to the S3 buckets. Example:
Code Block { "Version": "2012-10-17", "Statement": [ { "Sid": "MyBucketAndObjectPermissions", "Action": [ "s3:GetBucketLocation", "s3:ListBucket", "s3:DeleteObject", "s3:GetObject", "s3:PutObject" ], "Effect": "Allow", "Resource": [ "arn:aws:s3:::<my_s3_bucket>", "arn:aws:s3:::<my_s3_bucket>/*" ] }, { "Sid": "TrifactaPublicDatasets", "Effect": "Allow", "Action": [ "s3:GetObject", "s3:ListBucket" ], "Resource": [ "arn:aws:s3:::trifacta-public-datasets/*", "arn:aws:s3:::trifacta-public-datasets" ] } ] }where:
<my_s3_bucket>is the name of your bucket.Under the user role definition, edit the Trust relationship. Add the instance role to Principal:
Code Block { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "AWS": [ "arn:aws:iam:: {awsAccountId}:role/{instanceRole}" ] }, "Action": "sts:AssumeRole" } ] }For more information, see Insert Trust Relationship in AWS IAM Role.
- For more granular control over the Trust relationship, see https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_principal.html.
AWS Glue: If you are integrating with AWS Glue, additional permissions must be set. For more information, see Enable AWS Glue Access.
Log in the
as aD s platform
.D s item item admin - Click the link to specify storage settings. Populate the values for:
- IAM role
- Role ARN
- S3 Bucket Name
Save your changes.
...
