The Syniti Knowledge Platform allows data generated from activities such as the execution of data quality implementations to be written to file-based data stores that our customers own and manage. Currently, the Syniti Knowledge Platform supports Amazon S3 Buckets and Microsoft Azure Store as options for data store types.
This article explains how to create an AWS S3 Bucket and register it as a data store in the Syniti Knowledge Platform.
Create and Register an Amazon S3 Data Store
Prerequisites
Customers must have their own Amazon Web Services account, and the user performing this task must have permissions to create S3 Buckets, IAM Policies and IAM Roles.
Customers must raise a Syniti Support ticket requesting the relevant regional Syniti AWS Account Number. This Account Number is required when creating the IAM Role as detailed later in this article.
Create AWS S3 Bucket
Refer to the Amazon Web Services documentation, Step 1: Create your first S3 bucket, for comprehensive documentation related to S3 Bucket creation.
To create the S3 Bucket:
- Navigate to the S3 area of AWS.
- Click the Create bucket button.
- Under General Configuration, enter a unique Bucket name.
- Select the AWS region in which to create the S3 Bucket from the AWS Region list box.
- Under Object Ownership, click the ACLs disabled option.
- Under Block Public Access settings for this bucket, select the Block all public access option.
- Under Bucket Versioning, click the Disable option.
- Under Default Encryption, set the Encryption key type to Amazon S3-managed keys (SSE-S3).
- Under Bucket Key, click the Disable option.
- Under Advanced Settings, under Object Lock, click the Disable option.
To create the IAM Policy:
- Navigate to the IAM section of AWS and select Policies.
- Click the Create Policy button.
- Under Actions, under Access Level, under List, check the following options:
- Under Actions, under Access level, under Read, check the GetObject option.
- Under Actions, under Access level, under Write, check these options.
- Under Resources, add the allowable Bucket that the Role can access by clicking the Add ARN link.
- Enter the Bucket name and click the Add button.
- Under Resources, add the allowable Bucket Objects that the Role can access by clicking the Add ARN link next to Object.
- Enter the Bucket name.
- Next to Object name, check the Any option.
- Under Review Policy, enter a Name for the policy and click the Create policy button.
To create the IAM Role:
- Navigate to the IAM section of AWS, select Roles and click the Create role button.
- On the Select trusted entity page, select the Custom trust policy option.
- Under Add action for STS, check the AssumeRole option.
- Next to Add a principal, click the Add button.
NOTE: In this step, the Syniti AWS Account is added as a trusted Principal to the role.
- Select AWS account and root user from the Principal type list box.
- In the ARN field, enter the Syniti AWS Account number provided to you by Syniti Support, in the format arn:aws:iam::XXXXXXXXXXXX:root.
NOTE: Refer to the Prerequisites section for more information about contacting support.
- Next to Add a condition, click the Add button.
NOTE: In this step, a secret pass phrase that the principal must use to access the Bucket is added.
- Complete the fields as indicated by the screenshot above, and click the Add condition button.
- Review the Custom Trust Policy. The custom policy JSON should look as follows, with the AWS Account number replaced by the one provided by Syniti Support and the sts:ExternalId value replaced by the secret pass phrase that you entered.
- Under Add Permissions, give the Role permission to the Policy you previously created.
- On the Name, review, and create page, provide the Role with a Name.
- Click Create Role.
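The custom trust policy from the role steps above, as an added example rather than Syniti's or AWS's own code: it builds the policy in the standard IAM form and audits a policy document for the two controls the article sets up, the single trusted account and the sts:ExternalId condition. The account number and pass phrase are constructed placeholders, and the function names are hypothetical.

```python
import json

ACCOUNT_ID = "111122223333"          # constructed placeholder, not a real Syniti account
EXTERNAL_ID = "example-pass-phrase"  # constructed placeholder pass phrase


def build_trust_policy(account_id, external_id):
    """Standard IAM trust policy: one trusted account, gated by an external ID."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": f"arn:aws:iam::{account_id}:root"},
            "Action": "sts:AssumeRole",
            "Condition": {"StringEquals": {"sts:ExternalId": external_id}},
        }],
    }


def _as_list(value):
    return value if isinstance(value, list) else [value]


def audit_trust_policy(policy, account_id):
    """Return findings; an empty list means the policy matches the setup above."""
    expected = f"arn:aws:iam::{account_id}:root"
    findings = []
    for n, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        if not isinstance(principal, dict) or set(principal) != {"AWS"}:
            findings.append(f"statement {n}: principal is not a single AWS account")
        elif _as_list(principal["AWS"]) != [expected]:
            findings.append(f"statement {n}: unexpected principal {principal['AWS']}")
        if _as_list(stmt.get("Action", [])) != ["sts:AssumeRole"]:
            findings.append(f"statement {n}: actions other than sts:AssumeRole")
        # Condition key names are case-insensitive in IAM, so compare lowercased.
        equals = stmt.get("Condition", {}).get("StringEquals", {})
        external = {k.lower(): v for k, v in equals.items()}.get("sts:externalid")
        if not external:
            findings.append(f"statement {n}: missing sts:ExternalId condition")
    return findings


if __name__ == "__main__":
    good = build_trust_policy(ACCOUNT_ID, EXTERNAL_ID)
    print(json.dumps(good, indent=2))
    weak = build_trust_policy(ACCOUNT_ID, EXTERNAL_ID)
    del weak["Statement"][0]["Condition"]  # external ID check removed
    print(audit_trust_policy(good, ACCOUNT_ID), audit_trust_policy(weak, ACCOUNT_ID))
```

Run the audit against the JSON shown on the role's Trust relationships tab before registering the data store; any finding means the role trusts more than the one account and pass phrase configured above.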
To register the Bucket in the Syniti Knowledge Platform:
- Log in to the Syniti Knowledge Platform with an Administrator Account.
- Navigate to Admin and select Data Store.
NOTE: Only one data store can be registered at a time. If a data store is not registered, the page displays in Add mode. If a data store has already been added, it can be edited.
- Click Edit Data Store.
NOTE: For security reasons, none of the currently saved values display in the fields on this page, though they are saved in the database.
- Select Amazon S3 from the Type list box.
- Enter a Name for the Data Store.
- Enter the AWS Account in which the S3 bucket was created in the External Account ID field.
- Enter the secret pass phrase entered into the Role custom trust policy in the Passcode field.
- Enter the Role ARN, stored in the Role properties.
- Enter the exact name of the S3 Bucket in the Bucket field.
- Enter the AWS region in which the bucket was created in the Region field.
- Click Save.