AWS S3

Overview

Lead Liaison integrates with Amazon Web Services S3 object storage. The integration exports data to an AWS S3 bucket in a secure manner without the need to share IAM user credentials (access keys and secret keys).

Configuration

AWS Account Configuration

Create a Role

  • Name: LeadLiaison

  • Trusted entity type: Another AWS Account

    • Specify the Lead Liaison AWS Account ID: 120390932003

    • Check the External ID checkbox and specify it as “LEADLIAISON_{customerID}”. Example: “LEADLIAISON_11238”. To find your Customer ID navigate to Setup > Account > Status and look for Account ID.

Attach a Policy

  • Attach a policy to this role that contains the permissions in the box below. After saving the Role you’ll see the Role ARN in the Role summary page.

1 2 3 4 5 6 7 8 9 10 11 12 13 { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "s3:PutObject", "s3:PutObjectAcl" ], "Resource": "arn:aws:s3:::$BUCKET_NAME$/*" } ] }
  • If the bucket is encrypted using AWS-KMS, the role’s policy would look like the following:

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 { "Version": "2012-10-17", "Statement": [ { "Action": [ "s3:PutObject", "s3:PutObjectAcl" ], "Resource": [ "arn:aws:s3:::$BUCKET_NAME$/*" ], "Effect": "Allow" }, { "Action": [ "kms:Encrypt", "kms:GenerateDataKey", "kms:DescribeKey", "kms:ReEncrypt*" ], "Resource": [ "$AWS_KMS_KEY_ARN$" ], "Effect": "Allow" } ] }
  • Make sure to replace $BUCKET_NAME$ with your bucket name. This is where we will upload files.

  • Replace $AWS_KMS_KEY_ARN$ with your AWS KMS key used to encrypt the bucket.

Lead Liaison Account Configuration

To set up an integration with AWS S3 do the following:

  • Navigate to Setup > Integrations > Connectors > AWS S3

    • AWS Region: Specify your AWS region.

    • Role ARN: The created “LeadLiaison” Role ARN: For example: arn:aws:iam::165312800873:role/LeadLiaison

    • Bucket Name: Your AWS S3 bucket name.

    • Bucket Encryption:

      • None

      • AES-256

      • AWS-KMS

        • When AWS-KMS encryption is selected there’s an additional field called AWS-KMS Key ARN, which is required.

Standard AWS S3 Connector:

Standard AWS S3 Connector with AWS-KMS Encryption:

Exporting to AWS S3

To export data to your AWS S3 bucket do the following:

  • Navigate to Content > Events then hover over the Event you want to export leads for.

  • Click the down arrow and select Export.

  • Choose AWS S3 in your export options.