S3 Bucket Policy Information

There are three ways to set up your bucket policy: a joint bucket policy (for Data Exporter and Event Stream); an Event Stream only bucket policy; and a Data Exporter connection.

Joint Bucket Policy for Event Stream and Data Exporter

Note: Replace [yourbucketname] in the two ‘Resource’ lines of the code with your S3 bucket name, and omit the square brackets shown in the sample.

  1. Configure an S3 bucket dedicated to Sailthru. This bucket can be located in any AWS region.
  2. Apply a bucket policy giving Sailthru the appropriate write access. Below is a sample policy with an export bucket called [yourbucketname] (you can copy and paste it; you only need to change the bucket name to your own and remove the square brackets):
    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "bucket permissions",
                "Effect": "Allow",
                "Principal": {"AWS": ["arn:aws:iam::728023223659:user/integ","arn:aws:iam::099647660399:root"]},
                "Action": [
                    "s3:GetBucketLocation",
                    "s3:ListBucket"
                ],
                "Resource": "arn:aws:s3:::[yourbucketname]"
            },
            {
                "Sid": "key permissions",
                "Effect": "Allow",
                "Principal": {"AWS": ["arn:aws:iam::728023223659:user/integ","arn:aws:iam::099647660399:root"]},
                "Action": [
                    "s3:PutObject",
                    "s3:GetObject",
                    "s3:DeleteObject",
                    "s3:PutObjectAcl",
                    "s3:GetObjectAcl"
                ],
                "Resource": "arn:aws:s3:::[yourbucketname]/*"
            }
        ]
    }

Event Stream only policy for S3

Note: Replace [yourbucketname] in the two ‘Resource’ lines of the code with your S3 bucket name, and omit the square brackets shown in the sample.

  1. Configure an S3 bucket dedicated to Sailthru. This bucket can be located in any AWS region.
  2. Apply a bucket policy giving Sailthru the appropriate write access. Below is a sample policy with an export bucket called [yourbucketname] (you can copy and paste it; you only need to change the bucket name to your own and remove the square brackets):
    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "bucket permissions",
                "Effect": "Allow",
                "Principal": {
                    "AWS": "arn:aws:iam::099647660399:root"
                },
                "Action": "s3:ListBucket",
                "Resource": "arn:aws:s3:::[yourbucketname]"
            },
            {
                "Sid": "object permissions",
                "Effect": "Allow",
                "Principal": {
                    "AWS": "arn:aws:iam::099647660399:root"
                },
                "Action": [
                    "s3:PutObject",
                    "s3:DeleteObject"
                ],
                "Resource": "arn:aws:s3:::[yourbucketname]/*"
            }
        ]
    }
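
Before applying either policy, it is worth checking the edited JSON for leftover placeholder brackets and for grants beyond the samples above. The following is an added example, not Sailthru's code: `check_policy`, `as_list` and the bucket name `example-bucket` are hypothetical, and the allowed actions are the joint policy's (the broader of the two samples).

```python
import json

# Principals and actions copied from the sample policies on this page.
SAILTHRU_PRINCIPALS = {"arn:aws:iam::728023223659:user/integ",
                       "arn:aws:iam::099647660399:root"}
BUCKET_ACTIONS = {"s3:GetBucketLocation", "s3:ListBucket"}
OBJECT_ACTIONS = {"s3:PutObject", "s3:GetObject", "s3:DeleteObject",
                  "s3:PutObjectAcl", "s3:GetObjectAcl"}

def as_list(value):  # policy fields may be one string or a list
    return [value] if isinstance(value, str) else list(value)

def check_policy(policy_text, bucket):
    """Return findings for Allow statements that go beyond the page's samples."""
    findings, bucket_arn = [], f"arn:aws:s3:::{bucket}"
    statements = json.loads(policy_text)["Statement"]
    for stmt in [statements] if isinstance(statements, dict) else statements:
        if stmt.get("Effect") != "Allow":
            continue
        sid, principal = stmt.get("Sid", "<no Sid>"), stmt.get("Principal", {})
        named = ["*"] if principal == "*" else [
            p for v in principal.values() for p in as_list(v)]
        findings += [f"{sid}: unexpected principal {p}"
                     for p in named if p not in SAILTHRU_PRINCIPALS]
        for resource in as_list(stmt.get("Resource", [])):
            if "[" in resource or "]" in resource:
                findings.append(f"{sid}: placeholder brackets left in {resource}")
                continue
            if resource == bucket_arn:
                allowed = BUCKET_ACTIONS
            elif resource == bucket_arn + "/*":
                allowed = OBJECT_ACTIONS
            else:
                findings.append(f"{sid}: resource {resource} is not this bucket")
                continue
            for action in sorted(set(as_list(stmt.get("Action", []))) - allowed):
                findings.append(f"{sid}: action {action} not in sample for {resource}")
    return findings

# Constructed sample: brackets left in one Resource line, wildcard action added.
SAMPLE = """{"Version": "2012-10-17", "Statement": [
 {"Sid": "bucket permissions", "Effect": "Allow",
  "Principal": {"AWS": "arn:aws:iam::099647660399:root"},
  "Action": "s3:ListBucket", "Resource": "arn:aws:s3:::[example-bucket]"},
 {"Sid": "object permissions", "Effect": "Allow",
  "Principal": {"AWS": "arn:aws:iam::099647660399:root"},
  "Action": ["s3:PutObject", "s3:DeleteObject", "s3:*"],
  "Resource": "arn:aws:s3:::example-bucket/*"}]}"""

print("\n".join(check_policy(SAMPLE, "example-bucket")))
```

An empty result means every Allow statement names only the two Sailthru principals, targets only this bucket, and grants no action outside the samples.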
    

Configuring Sailthru Connect to use your S3 Bucket

Log in to Sailthru and configure your S3 bucket in the Settings > Setup > Integrations view. Enter your S3 bucket name in the “Sailthru Connect S3 Bucket” field.

After the connection is set

Once you’ve saved your S3 bucket and implemented the proper policy, two processes will start.

  1. Event data will start streaming to your bucket within 2 hours. After the stream starts, more data will be streamed every hour.
  2. A connection validation will be run intermittently. We will upload-then-delete a file named _ACCESS_CONFIRMATION which can be safely ignored. This will be a top-level file, located at s3://example_bucket/_ACCESS_CONFIRMATION.

Data Exporter only policy for S3

Grant the Sailthru user account permission to write to a bucket that is owned by your company, as per the AWS documentation. You will use the Sailthru public S3 account principal: arn:aws:iam::728023223659:user/integ

http://docs.aws.amazon.com/AmazonS3/latest/dev/example-walkthroughs-managing-access-example2.html

After setting up the bucket with the account principal, contact Sailthru Support with the bucket name and a path to export to.
