Amazon S3
Configure the Xtremepush S3 data integration using static keys or Assume Role.
The Amazon S3 integration connects your S3 buckets to the Xtremepush platform so that you can import data into and export data from Xtremepush.
To set up the integration, go to Settings > Marketplace > Amazon S3 and click Connect Now. There are two available authentication modes for this integration:
- Authentication Mode 1: Static Access Key and Secret Key
- Authentication Mode 2: Assume Role (AWS Cloud only)
Authentication Mode 1: Static Access Key and Secret Key
The Access/Secret Key authentication mode uses a static key pair to authenticate all data transfers. This pair is associated with a permanent IAM identity in your AWS account.
To configure the integration, enter the following:
- Under Basic Settings, enter the name for your integration. This name appears when you configure the data source for automated imports and exports in the Automations tab in Xtremepush.
- Under Connection Settings, enter the following:
  - Access Key: The public identifier for the IAM user that the integration will act as.
  - Secret Key: The private key used to sign every request. This key must be kept confidential.
  - Region: The specific AWS geographic area where your target S3 bucket is located.
  - Bucket Name: The name of the S3 container where the data will be read from or written to.
  - Object Prefix: An optional string that acts as an object or folder prefix. This filters the files the integration will interact with.
  - Endpoint URL: The full server address. Only required if you are connecting to a third-party S3-compatible service.
  - Use Path Style Endpoint: Only enable this toggle if connecting to a third-party S3-compatible service that requires the path-style URL structure.
- Click Connect
Authentication Mode 2: Assume Role (AWS Cloud Only)
The Assume Role authentication mode is recommended for cross-account access and is for native AWS S3 buckets only. It uses the AWS Security Token Service to grant temporary, time-limited credentials from your AWS account to the Xtremepush platform.
Prerequisites
Before you can configure the integration, you must first create an IAM Role in your AWS account and define the access permissions. This process requires defining the trust policy and its associated permissions policy.
- Define the trust policy: The Trust Policy is attached to the IAM Role and explicitly defines which identity is permitted to assume the role. You must configure the policy to trust the Xtremepush AWS Account ID as the Principal.
  - Account ID: Replace with the Xtremepush AWS Account ID.
    - If your projects are in our shared cloud, use 447313029603.
    - If you have a private cloud environment, contact Xtremepush support. See Contact Us for details on contacting Xtremepush support.
  - External ID: A unique identifier that must be included in the Trust Policy. This ID acts as a security check to prevent an unauthorised third-party from trying to assume the role, ensuring only the Xtremepush platform can establish the connection.
    The External ID value must have a minimum of 2 characters and a maximum of 1,224 characters. The value must be alphanumeric without white space. It can also include the following symbols: plus (+), equal (=), comma (,), period (.), at (@), colon (:), forward slash (/), and hyphen (-).
  - Example Trust Policy:
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Principal": {
            "AWS": "arn:aws:iam::<accountId>:root"
          },
          "Action": "sts:AssumeRole",
          "Condition": {
            "StringEquals": {
              "sts:ExternalId": "<externalID>"
            }
          }
        }
      ]
    }
- Attach the Permissions Policy, which defines what the assumed role can do.
Permissions for File Management
For reliable data imports, ensure you include the necessary permissions that allow Xtremepush to manage the files. For example, if the policy does not include put and delete permissions, Xtremepush will not be able to archive or delete the file, resulting in duplicate data being processed or data import failures.
- Example Permission Policy:
  {
    "Version": "2012-10-17",
    "Statement": [
      {
        "Effect": "Allow",
        "Action": [
          "s3:PutObject",
          "s3:GetObject",
          "s3:ListBucketMultipartUploads",
          "s3:ListBucket",
          "s3:DeleteObject",
          "s3:ListMultipartUploadParts"
        ],
        "Resource": [
          "arn:aws:s3:::<bucket_name>/*",
          "arn:aws:s3:::<bucket_name>"
        ]
      }
    ]
  }
Configure the integration
Once your IAM Role is set up in AWS, enter its details here to configure the integration.
- Under Basic Settings, enter the name for your integration. This name appears when you configure the data source for automated imports and exports in the Automations tab in Xtremepush.
- Under Connection Settings, enter the following:
  - Role ARN: The unique Amazon Resource Name (ARN) for the IAM Role you created.
  - Role Session Name: A unique, descriptive name used in your CloudTrail audit logs to track the role's activity.
  - Role External ID: The exact security code you defined in the IAM Role's Trust Policy.
  - Region: The specific AWS geographic area where your target S3 bucket is located.
  - Bucket Name: The name of the S3 container where the data will be read from or written to.
  - Object Prefix: An optional string that acts as an object or folder prefix. This filters the files the integration will interact with.
  - Endpoint URL: The full server address. Only required if you are connecting to a third-party S3-compatible service.
  - Use Path Style Endpoint: Only enable this toggle if connecting to a third-party S3-compatible service that requires the path-style URL structure.
- Click Connect
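Before entering the Role ARN, the trust policy and permissions policy from the Prerequisites can be checked offline. The following Python is an added example, not Xtremepush or AWS code: the function names are hypothetical, the External ID pattern follows the character rule stated on this page, and the sample policy is constructed.

```python
import re

# External ID rule from this page: 2 to 1,224 chars of A-Z a-z 0-9 + = , . @ : / -
EXTERNAL_ID_RE = re.compile(r"[A-Za-z0-9+=,.@:/-]{2,1224}")

def as_list(value):
    """IAM fields may hold one string or a list; normalise to a list."""
    return [] if value is None else value if isinstance(value, list) else [value]

def allow_statements(policy):
    return [s for s in as_list(policy.get("Statement")) if s.get("Effect") == "Allow"]

def audit_trust_policy(policy, account_id):
    """Findings for a role trust policy; an empty list means none."""
    allows = allow_statements(policy)
    findings = [] if allows else ["no Allow statement"]
    trusted = {account_id, f"arn:aws:iam::{account_id}:root"}
    for stmt in allows:
        principal = stmt.get("Principal")
        aws = as_list(principal.get("AWS")) if isinstance(principal, dict) else [principal]
        if not aws or not set(aws) <= trusted:
            findings.append(f"unexpected principal: {aws}")
        if as_list(stmt.get("Action")) != ["sts:AssumeRole"]:
            findings.append("action is not exactly sts:AssumeRole")
        ext = stmt.get("Condition", {}).get("StringEquals", {}).get("sts:ExternalId")
        if ext is None:
            findings.append("no sts:ExternalId condition")
        elif not all(EXTERNAL_ID_RE.fullmatch(str(v)) for v in as_list(ext)):
            findings.append("External ID is a placeholder or breaks the format rule")
    return findings

def audit_permissions_policy(policy, bucket):
    """Findings for the role's S3 permissions policy; an empty list means none."""
    findings, granted = [], set()
    in_scope = {f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"}
    for stmt in allow_statements(policy):
        granted.update(as_list(stmt.get("Action")))
        outside = set(as_list(stmt.get("Resource"))) - in_scope
        if outside:
            findings.append(f"resource outside bucket: {sorted(outside)}")
    # Put and delete are the file-management actions this page says imports rely on.
    findings += [f"missing {a}: files cannot be archived or deleted"
                 for a in ("s3:PutObject", "s3:DeleteObject") if a not in granted]
    return findings

# Constructed sample: the page's trust policy with the External ID placeholder left in.
SAMPLE_TRUST = {"Statement": [{"Effect": "Allow", "Action": "sts:AssumeRole",
    "Principal": {"AWS": "arn:aws:iam::447313029603:root"},
    "Condition": {"StringEquals": {"sts:ExternalId": "<externalID>"}}}]}
print(audit_trust_policy(SAMPLE_TRUST, "447313029603"))
```

An empty findings list from both functions means the role trusts only the stated account, requires an External ID, and grants access to the one bucket only.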