Trifacta SaaS
Page tree


Support | BlogContact Us 

Versions Compared

Old Version 44

changes.mady.by.user docuser1

Saved on

compared with

New Version 45

changes.mady.by.user docuser1

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Published by Scroll Versions from space DEV and version r0810

...

This section applies to getting started with 

D s product
productaws
rtrue
, an AWS-native platform for data wrangling. The following following product tiers are available:

  • D s product
    productawspr
     
  • D s product
    productawsent
  • d-s-product
    productawspro
  • d-s-product
    awsst
    product
     
    awssta

D s product
productaws
rtrue
 enables you to rapidly ingest, transform, and deliver clean, actionable data across your entire enterprise. Please review the following sections on how to prepare for and set up your 
D s product
productaws
 workspace.

...

  1. Administrators should complete the first section to set up the product for use. 
  2. After set up is complete, individual users should complete the second section to get started using the product.

Setup Process

Tip

Having difficulties? To speak to a support representative, click the icon in the corner and submit your question.

Steps:

  1. Before you begin. If you are using your own AWS S3 buckets, you should prepare them and their access policies to ensure that 

    D s product
    productaws
     can integrate with them. 

    Info

    NOTE: If you do not have these AWS resources, they can be created for you. Details are below.

    1. Technical setup: Please share the technical setup section with your S3 administrator.
  2. Register. Complete the simple online workflow to license and create your 
    D s product
    productaws
     workspace.
  3. Workspace setup. Before you invite other users to your workspace, you should complete a few setup steps.
  4. Invite users. If you intend to share the workspace with other users, you can invite them from within it. 
  5. Wrangle away! 

Before You Begin

Hosted on Amazon Web Services, 

D s product
productaws
 is designed to natively interact with AWS datasources, so that you can rapidly transform your data investments in AWS.

D s item
itemmanaged account

When the product is first launched, a default storage environment is automatically created for you as part of this setup process.

...

D s tfs
typefull
 is backed by AWS S3 buckets hosted by 
D s company
 and secured by IAM policies.

This default storage environment is managed by

...

D s company

...

and is used for storing data assets as well as assets generated by use of the product.

  • If preferred, you can configure the use of S3 as the default storage environment.

    Info

    NOTE: When S3 is used as the default storage environment, you must provide the policies, buckets, and other AWS resources required to manage your datasets and generated results.

  • You can choose to enable other storage environments in addition to your default storage environment.

Any of the following storage environment options can be configured after completing sign-up:

Default Storage EnvironmentAdditional Storage Environment

D s tfs

none

D s tfs

S3
S3none
S3

D s tfs


Info

NOTE: If you are using your own AWS/S3 resources, you must acquire configuration information before you can connect to your S3 assets. These requirements for these resources are covered later.

Whitelist the IP address range of the 
D s item
itemService

D s ed
editionsawsent,awspro,awssta,awspr
If you are enabling any relational source, including Redshift, you must whitelist the IP address range of the 
D s item
itemService
 in the relevant security groups.  

Info

NOTE: The database to which you are connecting must be available from the

D s item
itemService
over the public Internet.


The IP address range of the 

D s item
itemService
 is:

Code Block
35.245.35.240/28

For Redshift:

For Redshift, there are two ways to whitelist the IP range depending on if you are using EC2-VPC or EC2-Classic (not common).

For details on this process with RDS in general, see https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.RDSSecurityGroups.html

For more information, please contact 

D s support
.

AWS Overview

Below are the AWS objects that are required for setup. 

Tip

Tip: If you do not have immediate access to these assets, some can be created as part of the workflow setup.

...

To create these objects are part of the setup process, you must have an AWS account. For more information, see https://aws.amazon.com/.

...

To integrate with your existing S3 resources, you must choose a method of authentication. Choices:

cross-account role: This method uses IAM roles to define the permissions used by the product for S3 access.

Tip

Tip: This method is recommended.

...

An IAM (Identity and Access Management) policy is an AWS resource used to define the low-level permissions for access to a specific resource. During setup, you can use or create a new IAM policy for the product to use for either access method.

For more information, see "Create policy to grant access to S3 bucket" below.

...

An IAM role contains one or more IAM policies that can be used to define the set of available AWS services and the level of access to them for a user. In this case, the user is the

D s webapp
.

...

For better security, your S3 bucket may be encrypted, which means that the data is stored inside of S3 in a way that is not human-readable.

Info

NOTE: The product can optionally integrate with encrypted S3 buckets. The following S3 encryption methods are supported: sse-s3 and sse-kms.

Info

NOTE: If your bucket is encrypted with ss3-kms, additional configuration is required. See "Update policy to accommodate SSE-KMS if necessary" below.

For more information on your bucket's encryption, please contact your S3 administrator.

...

If needed, you can change the location where results are stored in S3.

Info

NOTE: The product must have write permission to this location. If you are changing the location from the default, please verify with your S3 administrator that the preferred location is enabled for writing through your access method.

...

The account ID identifies in the trust policy that

D s item
itemAWS account
can use your IAM role.

Tip

Tip: This identifier is provided to you during registration and setup.

...

The external ID identifies in the trust policy that

D s product
productaws
can use your IAM role only on your behalf.

Tip

Tip: This identifier is provided to you during registration and setup.

Technical Setup

The following sections should be provided to your AWS administrator for setting up access to these resources, if required.

Create policy to grant access to S3 bucket

...

Register for 
D s product
productaws

Tip

Tip: You can begin using

D s product
productaws

...

Below is an example policy template. You should use this template to create the policy.

Info

NOTE: You should not simply use one of the predefined AWS policies or an existing policy you have as it will likely give access to more resources than required.

Template Notes:

  1. One of the statements grants access to the public demo asset buckets.  
  2. Replace <my_default_S3_bucket> with the name of your default S3 bucket.
  3. To grant access to multiple buckets within your account, you can extend the resources list to accommodate the additional buckets.
Policy Template
Code Block
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:GetObject",
                "s3:ListBucket",
                "s3:DeleteObject",
                "s3:GetBucketLocation"
            ],
            "Resource": [
                "arn:aws:s3:::<my_default_S3_bucket>",
                "arn:aws:s3:::<my_default_S3_bucket>/*"
            ]
        },
        {
            "Sid": "VisualEditor1",
            "Effect": "Allow",
            "Action": [
                "s3:GetObject",
                "s3:ListBucket"
            ],
            "Resource": [
                "arn:aws:s3:::aws-saas-samples-prod",
                "arn:aws:s3:::aws-saas-samples-prod/*",
                "arn:aws:s3:::aws-saas-datasets",
                "arn:aws:s3:::aws-saas-datasets/*",
                "arn:aws:s3:::3fac-data-public",
                "arn:aws:s3:::3fac-data-public/*"
                "arn:aws:s3:::trifacta-public-datasets",
                "arn:aws:s3:::trifacta-public-datasets/*"
            ]
        }
    ]
}

Update policy to accommodate SSE-KMS if necessary

If any accessible bucket is encrypted with SSE-KMS, another policy must be deployed. See https://docs.aws.amazon.com/kms/latest/developerguide/iam-policies.html.

Add policy for Redshift access

If you are connecting to Redshift databases through your workspace, you can enable access by creating a GetClusterCredentials policy. This policy is additive to the the S3 access policies. All of these policies can be captured in a single IAM role. 

Example:

Code Block
{
"Version": "2012-10-17",
  "Statement": [
    {
     "Sid": "GetClusterCredsStatement",
      "Effect": "Allow",
      "Action": [
        "redshift:GetClusterCredentials"
      ],
      "Resource": [
        "arn:aws:redshift:us-west-2:123456789012:dbuser:examplecluster/${redshift:DbUser}",
        "arn:aws:redshift:us-west-2:123456789012:dbname:examplecluster/testdb",
        "arn:aws:redshift:us-west-2:123456789012:dbgroup:examplecluster/common_group"
      ],
        "Condition": {
            "StringEquals": {
           "aws:userid":"AIDIODR4TAW7CSEXAMPLE:${redshift:DbUser}@yourdomain.com"
                            }
                      }
    },
  }
}

For more information on these permissions, see Required AWS Account Permissions.

Whitelist the IP address range of the 
D s item
itemService
, if necessary

If you are enabling any relational source, including Redshift, you must whitelist the IP address range of the 

D s item
itemservice
 in the relevant security groups.  

Info

NOTE: The database to which you are connecting must be available from the

D s item
itemservice
over the public Internet.

The IP address range of the 

D s item
itemservice
 is:

Code Block
35.245.35.240/28

For Redshift:

For Redshift, there are two ways to whitelist the IP range depending on if you are using EC2-VPC or EC2-Classic (not common).

For details on this process with RDS in general, see https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Overview.RDSSecurityGroups.html

For more information, please contact 

D s support
.

Register for 
D s product
productaws

pre-configured with a template of interest. Please visit the Templates page and select the template of interest. Then, click Sign up for Free Trial. For more information, see https://www.trifacta.com/templates.

To begin the registration process, please visit https://www.trifacta.com/start-wrangling.

...

Login

After you have completed registration, please login to the application. The Home page is displayed.

Info

NOTE: You can now access online documentation through the application. From the left menu nav bar, select Help menu > Documentation.

S3 Configuration

For more information on changing the default storage environment or enabling S3 as a storage environment, see Configure Storage Environment.

Workspace Setup

Review Workspace Settings

As the first registered user, you are assigned the workspace admin role, which provides control over workspace-level settings. Before you invite users to the workspace, you should review and modify the basic configuration for the workspace. See 

Tip

Tip: You can also rename the workspace.

For more information, see  Workspace Settings Page .

Verify Operations

Info

NOTE: Workspace administrators should complete the following steps to verify that the product is operational end-to-end.

Excerpt Include
Verify Operations
Verify Operations
nopaneltrue

Invite Users

Info

NOTE: First-time users of the product should access 

D s product
 by access it by invitation only. Do not provide direct URLs to first-time users.

  1. You can invite other people to join your workspace. 
    1. When users initially join your workspace, they are assigned a non-admin role. Through the Workspace Users page, you can assign roles.
    2. Select User menu > Admin Console > Users. Then, click Invite Users.
    3. For more information, see Users Page.
  2. The workspace administrators must provide credentials for each workspace member account. See Users Page.

Example Flows

When a new workspace is created, the first user is provided a set of example flows. These flows are intended to teach by example and illustrate many recommended practices for building your own flows. For more information on example flows, see Workflow Basics.

Getting Started for Workspace Users

Tip

Tip: After you have registered for a trial, you can immediately begin using the product. 

This section walks through the process of getting started as a new member of a

D s product
productaws
 workspace. 

Steps:

...

D caption
Welcome email

...

contains additional steps that may be required to use all features of the product. 

Storage configuration

When you login for the first time, you may see a Missing Storage Settings error message

...

. Your storage settings must be configured before you can import data and run jobs.

Steps:

  1. To provide your individual user storage credentials and default bucket. To do so, click the Here link.
  2. In your Storage Settings page, you may be required to enter your S3 credentials. 
  3. After the credentials have been entered, you can begin using the product. 

Email verification

When you connect to the product, you may see a banner indicating that you have not confirmed your email address. 

Info

NOTE: You cannot invite other users to your workspace or receive email-based notifications from the product until you verify your email address.

Steps:

  1. In the 

    D s webapp
    , click the button in the banner to send an email to the address that you used to register.

  2. You should receive an email like the following:
    Image Added

    D caption
    Welcome email
  3. Click the link

Access documentation

...

To access the full customer documentation, from the left nav bar, select Help menu > Documentation.

The following resources can assist workspace users in getting started with wrangling.

Tip

Tip: Check out the product walkthrough available through in-app chat! This tour steps through each phase of ingesting, transforming, and generating results for your data.

© 2013-2022 Alteryx® Inc. Privacy Policy  |  Terms of Use