Source & Destination Auth

AWS

To read and write data from AWS services (such as S3, SQS, etc.), Observo recommends creating a user in your AWS account with scoped permissions to access resources in AWS. If any of the following use cases applies to you, we recommend creating an AWS user with the Policy below attached:

  1. You have an Archival Destination set up in AWS

  2. S3 is a Source in an Observo Pipeline

  3. S3 is a Destination in an Observo Pipeline

We recommend scoping down permissions for the Observo user to only the resources that are part of Pipelines in Observo. Modify the "Resource" field in the Policy below to restrict its scope.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "sqs:ReceiveMessage",
                "sqs:DeleteMessage",
                "sqs:ChangeMessageVisibility",
                "sqs:GetQueueAttributes",
                "sqs:GetQueueUrl"
            ],
            "Resource": ["arn:aws:sqs:*:*:*"]
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:GetObject",
                "s3:PutObject",
                "s3:GetObjectAttributes"
            ],
            "Resource": ["arn:aws:s3:::*/*"]
        },
        {
            "Effect": "Allow",
            "Action": [
                "s3:ListBucket"
            ],
            "Resource": "arn:aws:s3:::*"
        }
    ]
}
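As an added example (not Observo's own code), the Python below scopes a copy of the policy above, with fully wildcarded Resource values, down to named buckets and queues, then checks that no statement still covers every bucket or queue. The helper names `scope_policy` and `unscoped_statements` are hypothetical, and the bucket name, queue ARN and account ID used with them are constructed placeholders.

```python
import json

# Constructed copy of the policy above, with every queue and bucket wildcarded.
BROAD_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow",
         "Action": ["sqs:ReceiveMessage", "sqs:DeleteMessage",
                    "sqs:ChangeMessageVisibility", "sqs:GetQueueAttributes",
                    "sqs:GetQueueUrl"],
         "Resource": ["arn:aws:sqs:*:*:*"]},
        {"Effect": "Allow",
         "Action": ["s3:GetObject", "s3:PutObject", "s3:GetObjectAttributes"],
         "Resource": ["arn:aws:s3:::*/*"]},
        {"Effect": "Allow", "Action": ["s3:ListBucket"],
         "Resource": "arn:aws:s3:::*"},
    ],
}

def scope_policy(policy, buckets, queue_arns):
    """Return a copy of policy limited to the given buckets and queues."""
    scoped = json.loads(json.dumps(policy))  # deep copy, input stays untouched
    for stmt in scoped["Statement"]:
        actions = stmt["Action"] if isinstance(stmt["Action"], list) else [stmt["Action"]]
        if all(a.startswith("sqs:") for a in actions):
            stmt["Resource"] = list(queue_arns)
        elif all(a.startswith("s3:") and "Object" in a for a in actions):
            # Object-level actions are granted on keys: bucket ARN plus "/*".
            stmt["Resource"] = [f"arn:aws:s3:::{b}/*" for b in buckets]
        elif actions == ["s3:ListBucket"]:
            # ListBucket is a bucket-level action: bucket ARN, no key suffix.
            stmt["Resource"] = [f"arn:aws:s3:::{b}" for b in buckets]
        else:
            raise ValueError(f"statement mixes actions, scope by hand: {actions}")
    return scoped

def unscoped_statements(policy):
    """Indexes of statements whose Resource still names every bucket or queue."""
    hits = []
    for i, stmt in enumerate(policy["Statement"]):
        res = stmt["Resource"] if isinstance(stmt["Resource"], list) else [stmt["Resource"]]
        for arn in res:
            name = arn.split(":", 5)[5]  # resource part after the account field
            if name.split("/")[0] == "*":
                hits.append(i)
                break
    return hits
```

Calling `scope_policy(BROAD_POLICY, ["example-observo-archive"], ["arn:aws:sqs:us-east-1:111122223333:example-observo-queue"])` and passing the result to `json.dumps` produces a policy document ready to attach to the Observo user.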
