From 7d2c8b1d9732fd25dd9c1b86cc2a0118bda34f41 Mon Sep 17 00:00:00 2001 From: Hitisha Damani Date: Mon, 1 Nov 2021 13:36:28 -0500 Subject: [PATCH 1/4] initial commit --- .../data-lakes/data-lakes-manual-setup.md | 30 +++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/src/connections/storage/data-lakes/data-lakes-manual-setup.md b/src/connections/storage/data-lakes/data-lakes-manual-setup.md index 0872b4f712..a92cfea04d 100644 --- a/src/connections/storage/data-lakes/data-lakes-manual-setup.md +++ b/src/connections/storage/data-lakes/data-lakes-manual-setup.md @@ -66,6 +66,8 @@ The following steps provide examples of the IAM Role and IAM Policy. ### IAM Role +###### 1. For `us-west-2` region: + Create a `segment-data-lake-role` role for Segment to assume. Attach the following trust relationship document to the role: ```json @@ -94,6 +96,34 @@ Create a `segment-data-lake-role` role for Segment to assume. Attach the followi ] } ``` +###### 2. For other regions: + +Create a `segment-data-lake-role` role for Segment to assume. Attach the following trust relationship document to the role: + +```json +{ + "Version": "2012-10-17", + "Statement": [ + { + "Sid": "", + "Effect": "Allow", + "Principal": { + "AWS": [ + "arn:aws:iam::595280932656:role/segment-datalakes-production-access", + ] + }, + "Action": "sts:AssumeRole", + "Condition": { + "StringEquals": { + "sts:ExternalId": [ + "WORKSPACE_ID" + ] + } + } + } + ] +} +``` > note "" > **NOTE:** Replace the `ExternalID` list with the Segment `WorkspaceID` that contains the sources to sync to the Data Lake. From dd5e3d2834bcd0d33f1380b019d5fb51dd3b8bc8 Mon Sep 17 00:00:00 2001 From: Hitisha Damani Date: Mon, 1 Nov 2021 16:02:30 -0500 Subject: [PATCH 2/4] adding iam code for eu region --- src/connections/storage/data-lakes/data-lakes-manual-setup.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/connections/storage/data-lakes/data-lakes-manual-setup.md b/src/connections/storage/data-lakes/data-lakes-manual-setup.md index a92cfea04d..cbb710ca6e 100644 --- a/src/connections/storage/data-lakes/data-lakes-manual-setup.md +++ b/src/connections/storage/data-lakes/data-lakes-manual-setup.md @@ -96,7 +96,7 @@ Create a `segment-data-lake-role` role for Segment to assume. Attach the followi ] } ``` -###### 2. For other regions: +###### 2. For `eu-west-1` region: Create a `segment-data-lake-role` role for Segment to assume. Attach the following trust relationship document to the role: From 3c752c4f1b8f9639f183f6867dcd99d045b4f681 Mon Sep 17 00:00:00 2001 From: Hitisha Damani Date: Mon, 1 Nov 2021 16:03:59 -0500 Subject: [PATCH 3/4] editting the titles --- src/connections/storage/data-lakes/data-lakes-manual-setup.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/connections/storage/data-lakes/data-lakes-manual-setup.md b/src/connections/storage/data-lakes/data-lakes-manual-setup.md index cbb710ca6e..68fa107aa2 100644 --- a/src/connections/storage/data-lakes/data-lakes-manual-setup.md +++ b/src/connections/storage/data-lakes/data-lakes-manual-setup.md @@ -66,7 +66,7 @@ The following steps provide examples of the IAM Role and IAM Policy. ### IAM Role -###### 1. For `us-west-2` region: +###### 1. For DataLake created in US workspaces: Create a `segment-data-lake-role` role for Segment to assume. Attach the following trust relationship document to the role: @@ -96,7 +96,7 @@ Create a `segment-data-lake-role` role for Segment to assume. Attach the followi ] } ``` -###### 2. For `eu-west-1` region: +###### 2. For DataLake created in EU workspaces: Create a `segment-data-lake-role` role for Segment to assume. Attach the following trust relationship document to the role: From 4bcbe4a7efc46372fb7adbf91dbbbd9bda46adc0 Mon Sep 17 00:00:00 2001 From: stayseesong <83784848+stayseesong@users.noreply.github.com> Date: Tue, 2 Nov 2021 14:25:57 -0700 Subject: [PATCH 4/4] Update data-lakes-manual-setup.md --- .../data-lakes/data-lakes-manual-setup.md | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/src/connections/storage/data-lakes/data-lakes-manual-setup.md b/src/connections/storage/data-lakes/data-lakes-manual-setup.md index 68fa107aa2..07e879b091 100644 --- a/src/connections/storage/data-lakes/data-lakes-manual-setup.md +++ b/src/connections/storage/data-lakes/data-lakes-manual-setup.md @@ -66,9 +66,11 @@ The following steps provide examples of the IAM Role and IAM Policy. ### IAM Role -###### 1. For DataLake created in US workspaces: +Create a `segment-data-lake-role` for Segment to assume. The trust relationship document you attach to the role will be different depending on your workspace region. -Create a `segment-data-lake-role` role for Segment to assume. Attach the following trust relationship document to the role: +#### IAM Role for Data Lakes created in US workspaces: + +Attach the following trust relationship document to the role to create a `segment-data-lake-role` role for Segment: ```json { @@ -96,9 +98,16 @@ Create a `segment-data-lake-role` role for Segment to assume. Attach the followi ] } ``` -###### 2. For DataLake created in EU workspaces: -Create a `segment-data-lake-role` role for Segment to assume. Attach the following trust relationship document to the role: +> note "" +> **NOTE:** Replace the `ExternalID` list with the Segment `WorkspaceID` that contains the sources to sync to the Data Lake. + +#### IAM Role for Data Lakes created in EU workspaces: + +> info "" +> EU workspaces are currently in beta. If you would like to learn more about the beta, please contact your account manager. + +Attach the following trust relationship document to the role to create a `segment-data-lake-role` role for Segment. ```json {