AWS is a secure method of sending your data to Resonate. Your Resonate Client Success Manager will work closely with you throughout the onboarding process.
To get started with AWS, you will need to provide your Resonate Client Success Manager with an AWS User/Role ARN and Account ID. Optionally, if you wish to copy directly from an S3 bucket you own to ours, provide the S3 Bucket Name. Those two or three pieces of information will be used to create a role in Resonate’s AWS account that can read/write to a Resonate S3 bucket that Resonate engineers will create for you.
Once the S3 bucket, role, and policy have been created on Resonate’s end, your Resonate Customer Success Manager will provide you with a document that includes all the information that your team will need to implement on your side to share files. Below you will find the detailed instructions on how to set up the account - please keep in mind these steps cannot be completed prior to receiving your credentials from Resonate.
AWS Setup Steps
These are the steps that the user uploading to Resonate’s S3 path will need to follow:
1. You will need to attach an IAM policy to the user or role you provided above to allow the user or role to assume the role in Resonate’s account. The policy should look like the following:
   For example, if the role provided to you by Resonate is arn:aws:iam::123456789012:role/SampleResonateIntegrationsRole, then the policy you attach to your user or role would look like the following:
2. If you optionally provided an S3 bucket above, you will need to update the S3 bucket policy for the bucket you provided above to have the following appended (within the statement section):
   For example, if the role provided to you by Resonate is arn:aws:iam::123456789012:role/SampleResonateIntegrationsRole and your bucket is named test-bucket, then the policy would look like the following:
File Upload Steps
These are the steps that the user uploading to Resonate’s S3 path will need to follow.
At a high level, these are the steps you will be following as documented by AWS: Copy data from an S3 bucket to another account and Region by using the AWS CLI - AWS Prescriptive Guidance.
1. Download AWS CLI if not already installed. Instructions located here: Installing or updating to the latest version of the AWS CLI - AWS Command Line Interface
2. Set up your local AWS configuration: Setting up the AWS CLI - AWS Command Line Interface. You will need to be able to issue commands as the user or role you provided to Resonate above. This will depend on your organization’s AWS setup.
3. Set up the Resonate assume role
   a. In your aws configuration file (~/.aws/config on Mac/Linux or C:\Users\USERNAME\.aws\config on Windows), add a new profile with the following:
      - role_arn = (provided by Resonate)
      - source_profile = (the name of the profile that contains the user or role you provided to Resonate)
      - external_id = (provided by Resonate)
      - example:
      - If you need to first assume the role or user you provided Resonate (assuming this is arn:aws:iam::112233445566:role/SampleResonateAssumeRole in this example), you might have to do something like the following:
   b. Once that setup is completed you can assume the role by adding --profile <your profile> to the end of your aws command. Make sure to run the following two commands to ensure that you are able to successfully assume the role and can see the files in Resonate’s bucket:
      - Assume role check: ARN printed should match the role provided by Resonate.
      - List files check:
4. Upload file using AWS S3 cp Command
   - Once you have set your local AWS credentials, you can use the AWS command line to upload to the path provided by your account manager
   - More information is located here: cp — AWS CLI 1.36.9 Command Reference
   - Copy from local:
   - Copy from S3 bucket (if optionally provided)
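The assume-role check in the File Upload steps compares two ARNs that are not written the same way: aws sts get-caller-identity prints an STS assumed-role ARN, while the role Resonate gives you is an IAM role ARN. The following is an added example, not part of Resonate's instructions, that does the comparison in shell; the function names and the session name are constructed for illustration, and the ARN is the sample one used on this page.

```shell
#!/bin/sh
# Added example: does the caller identity belong to the expected role?

# role_matches EXPECTED_ROLE_ARN CALLER_ARN
# 0 = caller is an assumed-role session of the expected role
# 1 = caller is something else, 2 = EXPECTED_ROLE_ARN is not an IAM role ARN
role_matches() {
  expected=$1 caller=$2

  # Expected form: arn:<partition>:iam::<account>:role/[path/]<name>
  case $expected in
    arn:*:iam::*:role/*) ;;
    *) return 2 ;;
  esac
  # Caller form: arn:<partition>:sts::<account>:assumed-role/<name>/<session>
  case $caller in
    arn:*:sts::*:assumed-role/*/*) ;;
    *) return 1 ;;   # e.g. still the source user or role
  esac

  t=${expected#arn:};        exp_part=${t%%:*}
  t=${expected#arn:*:iam::}; exp_acct=${t%%:*}
  exp_name=${expected##*/}   # STS omits the role path, keep the last segment

  t=${caller#arn:};            got_part=${t%%:*}
  t=${caller#arn:*:sts::};     got_acct=${t%%:*}
  t=${caller#*:assumed-role/}; got_name=${t%%/*}

  [ "$exp_part" = "$got_part" ] && [ "$exp_acct" = "$got_acct" ] &&
    [ "$exp_name" = "$got_name" ]
}

# check_profile PROFILE EXPECTED_ROLE_ARN: live check, needs the AWS CLI.
check_profile() {
  arn=$(aws sts get-caller-identity --profile "$1" \
        --query Arn --output text) || return 3
  role_matches "$2" "$arn"
}

# Constructed sample: what a successful assume looks like.
if role_matches \
  "arn:aws:iam::123456789012:role/SampleResonateIntegrationsRole" \
  "arn:aws:sts::123456789012:assumed-role/SampleResonateIntegrationsRole/botocore-session-1700000000"
then echo "role assumed"; else echo "NOT the Resonate role"; fi
```

With the CLI configured, check_profile followed by your profile name and the role ARN from Resonate runs the same comparison against the live identity. A result of 1 means the command ran as your own user or role rather than the Resonate role.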
Troubleshooting
- I am receiving the error “An error occurred (AccessDenied) when calling the AssumeRole operation”.
  This is usually caused by an issue with the policy attached to your user or role but could be a couple of things. Please check the following:
  - Please check step 1 in the AWS setup steps above and ensure that the policy that Resonate provided has been properly attached to the role or user that you provided Resonate and the correct Resonate role ARN has been filled in within that policy.
  - Check that the role named in the error message as the one being assumed is the correct Resonate role.
  - Check that your current role or user matches the one you provided Resonate. See 3b in the File Upload steps for more details.
- I am receiving the error “An error occurred (AccessDenied) when calling the CopyObject operation: Access Denied”
  This usually means that you have not properly assumed the Resonate role. Please see 3b in the File Upload steps for more details on how to check.
- I am receiving the error “fatal error: An error occurred (403) when calling the HeadObject operation: Forbidden”
  This usually means that you have not provided the Resonate role access to read directly from your S3 bucket. Please see step 2 in the AWS setup steps above for more details.