1. Home
  2. Analytics and Business Intelligence
  3. Data Integration Center
  4. Integrations
  5. Integrations
  6. How to Configure an Amazon S3 Destination in the Integration Center

How to Configure an Amazon S3 Destination in the Integration Center

Updated on August 29, 2021 Download PDFDownload as PDF
image_pdf

Brief Overview

By using WalkMe’s Integration Center it is possible to either export Insights reports to an Amazon Simple Cloud Storage (S3) bucket or to pull attributes from an Amazon Simple Cloud Storage (S3) bucket and populate data into WalkMe from for analytics and content segmentation.

Option A – Authenticate by Credentials

  1. In Authentication method choose: “By Credentials”
  2. Provide Access Key and Secret Key of your Amazon S3


Option B – Authenticate by Bucket Policy

(This option can only be used when using the WalkMe S3 Account)

  1. In Authentication method choose: “Bucket Policy”
  2. Access a bucket inside the WalkMe S3 account.
  3. Inside the Bucket, create a folder and name it “walkme”.
  4. Add the following to the bucket policy:
{
    "Version": "2008-10-17",
    "Id": "Policy1425481770636",
    "Statement": [
        {
            "Sid": "AllowWalkMeUser",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::758936404074:user/ic-s3-external-ops"
            },
            "Action": [
                "s3:ListBucket"
            ],
            "Resource": "arn:aws:s3:::YOUR_BUCKET_NAME"
        },
        {
            "Sid": "AllowWalkMeUser",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::758936404074:user/ic-s3-external-ops"
            },
            "Action": [
                "s3:PutObject",
                "s3:DeleteObject",
                "s3:GetObject"
            ],
            "Resource": "arn:aws:s3:::YOUR_BUCKET_NAME/walkme/*"
        }
    ]
}

Please Note:

You should replace the `YOUR_BUCKET_NAME` above with the actual bucket name

Option C – Authenticate by IAM Role

This option enables adding an S3 bucket destination by having the client create an IAM role that can access their S3 bucket, and enabling WalkMe to assume that role to access it.

  1. Create S3 bucket with name <bucket-name>
  2. Create IAM Role with the following permissions and trust relationship:
    1. IAM Role permissions:
      • Replace ‘ <bucket-name> ‘ with actual bucket name
      {
          "Version""2012-10-17",
          "Statement": [
              {
                  "Sid""AllowWalkMeRole0",
                  "Effect""Allow",
                  "Action""s3:ListBucket",
                  "Resource""arn:aws:s3:::<bucket-name>/"
              },
              {
                  "Sid""AllowWalkMeRole1",
                  "Effect""Allow",
                  "Action": [
                      "s3:GetObject",
                      "s3:PutObject",
                      "s3:DeleteObject"
                  ],
                  "Resource""arn:aws:s3:::<bucket-name>/*"
              }
          ]
      }
    2. Trust relationship:
      {
        "Version""2012-10-17",
        "Statement": [
          {
            "Effect""Allow",
            "Principal": {
              "AWS": [
                 "arn:aws:iam::758936404074:role/integrateme-ecs-instance-production",
                 "arn:aws:iam::758936404074:role/rundeck-worker",
                 "arn:aws:iam::758936404074:role/chatbot-asg-prodeu",
                 "arn:aws:iam::758936404074:role/rundeck-worker-eu"
              ]
            },
            "Action""sts:AssumeRole",
            "Condition": {}
          }
        ]
      }
  3. In the Integration center – S3 destination setup form:
    1. Under Authentication Method select: “IAM Role – Bucket on Customer’s side”
    2. Enter the IAM role ARN value, <bucket-name> and its region

Was this article helpful?

Thanks for your feedback!

Related Articles

< Back