1 Overview
2 Configuration
- 2.1 AWS Account Configuration
  - 2.1.1 Create a Role
  - 2.1.2 Attach a Policy
- 2.2 Lead Liaison Account Configuration
3 Exporting to AWS S3

Overview

Lead Liaison integrates with Amazon Web Services S3 object storage. The integration exports data to an AWS S3 bucket in a secure manner without the need to share IAM user credentials (access keys and secret keys).

Configuration

AWS Account Configuration

Create a Role

Name: LeadLiaison
Trusted entity type: Another AWS Account
- Specify the Lead Liaison AWS Account ID: 120390932003
- Check the External ID checkbox and specify it as “LEADLIAISON_{customerID}”. Example: “LEADLIAISON_11238”. To find your Customer ID navigate to Setup > Account > Status and look for Account ID.

Attach a Policy

Attach a policy to this role that contains the permissions in the box below. After saving the Role you’ll see the Role ARN in the Role summary page.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:PutObjectAcl"
            ],
            "Resource": "arn:aws:s3:::$BUCKET_NAME$/*"
        }
    ]
}

If the bucket is encrypted using AWS-KMS, the role’s policy would look like the following:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": [
                "s3:PutObject",
                "s3:PutObjectAcl"
            ],
            "Resource": [
                "arn:aws:s3:::$BUCKET_NAME$/*"
            ],
            "Effect": "Allow"
        },
        {
            "Action": [
                "kms:Encrypt",
                "kms:GenerateDataKey",
                "kms:DescribeKey",
                "kms:ReEncrypt*"
            ],
            "Resource": [
                "$AWS_KMS_KEY_ARN$"
            ],
            "Effect": "Allow"
        }
    ]
}

Make sure to replace $BUCKET_NAME$ with your bucket name. This is where we will upload files.
Replace $AWS_KMS_KEY_ARN$ with your AWS KMS key used to encrypt the bucket.

Lead Liaison Account Configuration

To set up an integration with AWS S3 do the following:

Navigate to Setup > Integrations > Connectors > AWS S3
- AWS Region: Specify your AWS region.
- Role ARN: The created “LeadLiaison” Role ARN: For example: arn:aws:iam::165312800873:role/LeadLiaison
- Bucket Name: Your AWS S3 bucket name.
- Bucket Encryption:
  - None
  - AES-256
  - AWS-KMS
    - When AWS-KMS encryption is selected there’s an additional field called AWS-KMS Key ARN, which is required.

Standard AWS S3 Connector:

Standard AWS S3 Connector with AWS-KMS Encryption:

Exporting to AWS S3

To export data to your AWS S3 bucket do the following:

Navigate to Content > Events then hover over the Event you want to export leads for.
Click the down arrow and select Export.
Choose AWS S3 in your export options.

Lead Liaison

AWS S3

Analytics