Send data to Amazon S3¶
Amazon Simple Storage Service (Amazon S3) stores customer data files of any size in any file formats.
This topic describes the steps that are required to send files to Amazon S3 from Amperity:
Get details¶
The Amazon S3 destination requires the following configuration details:
![]() |
The name of the S3 bucket to which Amperity will send data. |
![]() |
For cross-account role assumption you will need the value for the Target Role ARN, which enables Amperity to access the customer-managed Amazon S3 bucket. Note The values for the Amperity Role ARN and the External ID fields are provided automatically. Review the following sample policy, and then add a similar policy to the customer-managed Amazon S3 bucket that allows Amperity access to the bucket. Add this policy as a trusted policy to the IAM role that is used to manage access to the customer-managed Amazon S3 bucket. The policy for the customer-managed Amazon S3 bucket is unique, but will be similar to: {
"Statement": [
{
"Sid": "AllowAmperityAccess",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::account:role/resource"
},
"Action": "sts:AssumeRole",
"Condition": {
"StringEquals": {
"sts:ExternalId": "01234567890123456789"
}
}
}
]
}
The value for the role ARN is similar to: arn:aws:iam::123456789012:role/prod/amperity-plugin
An external ID is an alphanumeric string between 2-1224 characters (without spaces) and may include the following symbols: plus (+), equal (=), comma (,), period (.), at (@), colon (:), forward slash (/), and hyphen (-). |
Configure cross-account roles¶
Amperity prefers to pull data from and send data to customer-managed cloud storage.
Amperity requires using cross-account role assumption to manage access to Amazon S3 to ensure that customer-managed security policies control access to data.
This approach ensures that customers can:
Directly manage the IAM policies that control access to data
Directly manage the files that are available within the Amazon S3 bucket
Modify access without requiring involvement by Amperity; access may be revoked at any time by either Amazon AWS account, after which data sharing ends immediately
Directly troubleshoot incomplete or missing files
Note
After setting up cross-account role assumption, a list of files (by filename and file type), along with any sample files, must be made available to allow for feed creation. These files may be placed directly into the shared location after cross-account role assumption is configured.
Can I use an Amazon AWS Access Point?
Yes, but with the following limitations:
The direction of access is Amperity access files that are located in a customer-managed Amazon S3 bucket
A credential-free role-to-role access pattern is used
Traffic is not restricted to VPC-only
To configure an S3 bucket for cross-account role assumption
The following steps describe how to configure Amperity to use cross-account role assumption to pull data from (or push data to) a customer-managed Amazon S3 bucket.
Important
These steps require configuration changes to customer-managed Amazon AWS accounts and must be done by users with administrative access.
Add destination¶
Configure Amperity to send files directly to Amazon S3.
To add a destination
Add data template¶
A data template defines how columns in Amperity data structures are sent to downstream workflows. A data template is part of the configuration for sending query and segment results from Amperity to an external location.
To add a data template
![]() |
From the Destinations tab, open the menu for a destination that is configured for Amazon S3, and then select Add data template. This opens the Add Data Template dialog box. ![]() Enter the name of the data template and a description. For example: “Amazon S3” and “Send files to Amazon S3.”. |
![]() |
Verify business user access to queries and orchestrations and access to segments and campaigns. A business user may also have restricted access to PII, which prevents them from viewing and sending customer profile data. ![]() If business user access was not configured as part of the destination, you may configure access from the data template. Important To allow business users to use this destination with campaigns, you must enable the Make available to campaigns option. This allows users to send campaign results from Amperity to Amazon S3. If you enable this option, the data extension settings require using campaign name and group name template variables to associate the name of the data extension to your campaign. |
![]() |
Verify all configuration settings. ![]() Note When the settings required by Amazon S3 were are not configured as part of the destination, you must configure them as part of the data template before making this destination available to campaigns. |
![]() |
Review all settings, and then click Save. ![]() After you have saved the data template, and depending on how you configured it, business users can send query results and/or send campaigns to Amazon S3. |
Workflow actions¶
A workflow will occasionally show an error that describes what prevented a workflow from completing successfully. These first appear as alerts in the notifications pane. The alert describes the error, and then links to the Workflows tab.
Open the Workflows tab to review a list of workflow actions, choose an action to resolve the workflow error, and then follow the steps that are shown.
Invalid bucket name¶
The name of the Amazon S3 bucket to which Amperity pushes data must be correctly specified in the configuration for the destination in the Destinations page.
To resolve this error, do the following.
Open the AWS management console and verify the name of the Amazon S3 bucket.
Open the Destinations page in Amperity, and then open the destination that is associated with this workflow.
Update the destination for the correct Amazon S3 bucket name.
Return to the workflow action, and then click Resolve to retry.
Invalid credentials¶
The credentials that are defined in Amperity are invalid.
To resolve this error, verify that the credentials required by this workflow are valid.
Open the Credentials page.
Review the details for the credentials used with this workflow. Update the credentials for Amazon S3 if required.
Return to the workflow action, and then click Resolve to retry this workflow.