1 Overview
2 Configuration
- 2.1 AWS Account Configuration
  - 2.1.1 Create a Role
  - 2.1.2 Attach a Policy
- 2.2 Lead Liaison Account Configuration
3 Exporting to AWS S3

Overview

Lead Liaison integrates with Amazon Web Services S3 object storage. The integration exports data to an AWS S3 bucket in a secure manner without the need to share IAM user credentials (access keys and secret keys).

Configuration

AWS Account Configuration

Create a Role

Name: LeadLiaison
Trusted entity type: Another AWS Account
- Specify the Lead Liaison AWS Account ID: 120390932003
- Check the External ID checkbox and specify it as “LEADLIAISON_{customerID}”. Example: “LEADLIAISON_11238”. To find your Customer ID navigate to Setup > Account > Status and look for Account ID.

Attach a Policy

Attach a policy to this role that contains the permissions in the box below. After saving the Role you’ll see the Role ARN in the Role summary page.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:PutObjectAcl"
            ],
            "Resource": "arn:aws:s3:::$BUCKET_NAME$/*"
        }
    ]
}

If the bucket is encrypted using AWS-KMS, the role’s policy would look like the following:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Action": [
                "s3:PutObject",
                "s3:PutObjectAcl"
            ],
            "Resource": [
                "arn:aws:s3:::$BUCKET_NAME$/*"
            ],
            "Effect": "Allow"
        },
        {
            "Action": [
                "kms:Encrypt",
                "kms:GenerateDataKey",
                "kms:DescribeKey",
                "kms:ReEncrypt*"
            ],
            "Resource": [
                "$AWS_KMS_KEY_ARN$"
            ],
            "Effect": "Allow"
        }
    ]
}

Make sure to replace $BUCKET_NAME$ with your bucket name. This is where we will upload files.
Replace $AWS_KMS_KEY_ARN$ with your AWS KMS key used to encrypt the bucket.

Lead Liaison Account Configuration

To set up an integration with AWS S3 do the following:

Navigate to Setup > Integrations > Connectors > AWS S3
- AWS Region: Specify your AWS region.
- Role ARN: The created “LeadLiaison” Role ARN: For example: arn:aws:iam::165312800873:role/LeadLiaison
- Bucket Name: Your AWS S3 bucket name.
- Bucket Encryption:
  - None
  - AES-256
  - AWS-KMS
    - When AWS-KMS encryption is selected there’s an additional field called AWS-KMS Key ARN, which is required.

Standard AWS S3 Connector:

Standard AWS S3 Connector with AWS-KMS Encryption:

Exporting to AWS S3

To export data to your AWS S3 bucket do the following:

Navigate to Content > Events then hover over the Event you want to export leads for.
Click the down arrow and select Export.
Choose AWS S3 in your export options.