Page tree

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Excerpt

In the AWS Settings page, workspace administrators can define the AWS credentials mode for the workspace and apply settings for the selected mode, including selecting the credential provider. From the left menu, select User menu > Admin console > AWS settings.



Info

NOTE: This configuration section applies only if

D s product
rtrue
is integrated with Amazon Web Services.


Excerpt

AWS Mode:

ModeDescription
Workspace

In Workspace mode, the workspace administrator applies a single set of AWS credentials for all users in the workspace. These credentials are used by each member of the workspace to authenticate with AWS and to gain access to S3 buckets.

Tip

Tip: This mode requires more up-front setup but is easy to manage. However, all members of the workspace have the same set of access controls.


Per User

In Per User mode, individual members of the workspace must apply their AWS credentials to their accounts.

Tip

Tip: This mode is easy to set up but turns responsibility for access controls over to the individual members. If members encounter problems gaining access to S3 assets, the workspace administrator may not be able to troubleshoot them.


Credential Provider:

For workspace or per-user mode, the following provider methods can be used to manage authentication with AWS. 

Credential ProviderDescription
IAM Role

D s product
can use any IAM roles that have been defined for workspace members to access AWS data sources, such as S3 and Redshift.

Tip

Tip: This credential provider method is recommended.


AWS Key and SecretYou can apply key and secret combinations to gate access to AWS data sources. These combinations can be applied in workspace mode or in per-user mode by individual members.



Workspace Mode

In workspace mode, you must select the credential provider and then specify the relevant settings.

...

SettingDescription
Encryption Type

Supported encryption types:

Info

NOTE: If None  is selected here, AWS S3 still applies server-side encryption to the bucket without impact to cost or performance. For more information, see https://docs.aws.amazon.com/AmazonS3/latest/userguide/default-bucket-encryption.html

  • None
  • SSE-S3
  • SSE-KMS
KMS Key IDIf SSE-KMS has been selected, you can paste the KMS Key ID value in this field.

...