How to Configure an Amazon S3 Destination in the Integration Center

Last Updated November 10, 2022

Brief Overview

By using WalkMe’s Integration Center it is possible to either export Insights reports to an Amazon Simple Cloud Storage (S3) bucket or to pull attributes from an Amazon Simple Cloud Storage (S3) bucket and populate data into WalkMe from for analytics and content segmentation.

Option A – Authenticate by Credentials

  1. In Authentication method choose: “By Credentials”
  2. Provide Access Key and Secret Key of your Amazon S3


Option B – Authenticate by Bucket Policy

(This option can only be used when using the WalkMe S3 Account)

  1. In Authentication method choose: “Bucket Policy”
  2. Access a bucket inside the WalkMe S3 account.
  3. Inside the Bucket, create a folder and name it “walkme”.
  4. Add the following to the bucket policy:
{
    "Version": "2008-10-17",
    "Id": "Policy1425481770636",
    "Statement": [
        {
            "Sid": "AllowWalkMeUser",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::758936404074:user/ic-s3-external-ops"
            },
            "Action": [
                "s3:ListBucket"
            ],
            "Resource": "arn:aws:s3:::YOUR_BUCKET_NAME"
        },
        {
            "Sid": "AllowWalkMeUser",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::758936404074:user/ic-s3-external-ops"
            },
            "Action": [
                "s3:PutObject",
                "s3:DeleteObject",
                "s3:GetObject"
            ],
            "Resource": "arn:aws:s3:::YOUR_BUCKET_NAME/walkme/*"
        }
    ]
}

Please Note:

You should replace the `YOUR_BUCKET_NAME` above with the actual bucket name

Option C – Authenticate by IAM Role

This option enables adding an S3 bucket destination by having the client create an IAM role that can access their S3 bucket, and enabling WalkMe to assume that role to access it.

  1. Create S3 bucket with name <bucket-name>
  2. Create IAM Role with the following permissions and trust relationship:
    1. IAM Role permissions:
      • Replace ‘ <bucket-name> ‘ with actual bucket name
      {
          "Version""2012-10-17",
          "Statement": [
              {
                  "Sid""AllowWalkMeRole0",
                  "Effect""Allow",
                  "Action""s3:ListBucket",
                  "Resource""arn:aws:s3:::<bucket-name>/"
              },
              {
                  "Sid""AllowWalkMeRole1",
                  "Effect""Allow",
                  "Action": [
                      "s3:GetObject",
                      "s3:PutObject",
                      "s3:DeleteObject"
                  ],
                  "Resource""arn:aws:s3:::<bucket-name>/*"
              }
          ]
      }
    2. Trust relationship:
      {
        "Version""2012-10-17",
        "Statement": [
          {
            "Effect""Allow",
            "Principal": {
              "AWS": [
                 "arn:aws:iam::758936404074:role/integrateme-ecs-instance-production",
                 "arn:aws:iam::758936404074:role/rundeck-worker",
                 "arn:aws:iam::758936404074:role/chatbot-asg-prodeu",
                 "arn:aws:iam::758936404074:role/rundeck-worker-eu"
              ]
            },
            "Action""sts:AssumeRole",
            "Condition": {}
          }
        ]
      }
  3. In the Integration center – S3 destination setup form:
    1. Under Authentication Method select: “IAM Role – Bucket on Customer’s side”
    2. Enter the IAM role ARN value, <bucket-name> and its region

How to Add a Subfolder

To preserve order within the S3 folder, you can create subfolders inside your S3 destination folder. This can be done both for new destinations or editing existing destinations.

This is especially useful when you are using the S3 destination for more than one system, or for more then one analytic purpose, such as different reports exported for different in-house customer departments.

To add a subfolder, please follow these steps:

  1. Open the S3 destination in Insights
  2. In the “Optional Bucket Path” field, add a “/” and the name of the subfolder to be added
    • In the example image below you can see that the subfolder being added is called “subfolder_name”
  3. This will create a subfolder “subfolder_name” in the s3 folder instance

Was this article helpful?

Thanks for your feedback!
×

Select account type

Close
< Back

Mobile account login

< Back