Release 6.8.2
Page tree


Support | BlogContact Us 

Versions Compared

Old Version 2

changes.mady.by.user docuser1

Saved on

compared with

New Version Current

changes.mady.by.user docuser1

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Published by Scroll Versions from space DEV and version r0682

...

If users are providing key-secret combinations, the following information is required. 

ItemDescription
key/secret(credential provider type is default) The AWS key and secret for the user to authenticate
default bucketThe default S3 bucket where the user can upload data and store generated results
extra bucketsAny extra S3 buckets to which the user should have access


Method 2 - AWS IAM Role ARNs

Users can access AWS resources by assigning an awsConfig object to the account.

Tip

Tip: This method is recommended.

The following information is required:

ItemDescription
IAM role

(credential provider type is temporary) The IAM role to use to authenticate.

Info

NOTE: If this information is not immediately available, a placeholder one is created when you create the configuration object. You can assign roles later. More information is provided below.

default bucketThe default S3 bucket where the user can upload data and store generated results
extra bucketsAny extra S3 buckets to which the user should have access

Authentication objects

For each authentication method, the above pieces of information must be provided for each user.

These pieces of information are defined in an awsConfig object. An awsConfig object is a set of AWS configuration properties that can be created, modified, and assigned to individual users via API.

For Method 2, the awsConfig object maps to an awsRole object. An awsRole object references an IAM role and an awsConfig object. When you create an awsConfig object and its credential provider is set to temporary, the awsRole object is automatically created for you: 

    • Each awsRole object maps to a single IAM role.
    • Each awsRole object is mapped to an awsConfig object. 
    • The awsConfig object is then assigned to individual users. 
    • Through this mechanism, you have more flexibility in assigning the active role to users.
    • As needed, the awsConfig object can be mapped at a later time to another awsRole object through the role attribute. 

This workflow steps through the process for all these methods.

Platform roles

To complete this workflow, your account must have one of the following roles:

  • Workspace admin

  • D s item
    itemadmin
For more information, see API Authentication.

Basic Workflow

  1. Choose your method of authentication.
  2. Locate the internal identifier for the user to which to assign the configuration object.
  3. Create an awsConfig object, assigning the object to the user as part of the process.
  4. Verify that the assignment is working.

...

© 2013-2023 Alteryx® Inc Privacy Policy  |  Terms of Use