ÃÛ¶¹ÊÓƵ

Configure cloud import and export accounts

NOTE
Consider the following when creating and editing accounts:
  • System administrators can restrict users from creating accounts, as described in Configure whether users can create accounts. If you can’t create accounts as described in this section, contact your system administrator.
  • An account can be edited only by the user who created it or by a system administrator.

You can configure a cloud account that is used for any or all of the following purposes:

You need to configure ÃÛ¶¹ÊÓƵ Analytics with the necessary information to access your cloud account. This process consists of adding and configuring the account (such as Amazon S3 Role ARN, Google Cloud Platform, and so forth) as described in this article, and then adding and configuring the location within that account (such as a folder within the account) as described in Configure cloud import and export locations.

For information about how to view and delete existing accounts, see Locations manager.

To configure a cloud import or export account:

  1. In ÃÛ¶¹ÊÓƵ Analytics, select Components > Locations.

  2. On the Locations page, select the Location accounts tab.

  3. (Conditional) If you are a system administrator, you can enable the View accounts for all users option to view accounts created by all users in your organization.
    view accounts for all users

  4. To create a new account, select Add account.

    The Location account details dialog displays.

    Or

    To edit an existing account, locate the account that you want to edit, then select the Edit details button.

    The Add account dialog displays.

  5. Specify the following information:

    table 0-row-2 1-row-2 2-row-2 3-row-2 4-row-2
    Field Function
    Location account name The name of the location account. This name appears when creating a location
    Location account description Provide a short description of the account to help differentiate it from other accounts of the same account type.
    Make account available to all users in your organization

    Enable this option to allow other users in your organization to use the account.

    Consider the following when sharing accounts:

    • Accounts that you share cannot be unshared.
    • Shared accounts can be edited only by the owner of the account.
    • Anyone can create a location for the shared account.
    Account type

    Select your cloud account type. We recommend having a single account for each account type, with multiple locations as needed within that account.

    System administrators can limit the account types that users can create, as described in Configure whether users can create accounts. If you can’t create accounts as described in this section, contact your system administrator.

  6. In the Account properties section, specify information specific to the account type that you selected.

    For configuration instructions, expand the section below that corresponds to the Account type that you selected. (Additional legacy account types are also available, but are not recommended.)

    Account types

    accordion
    Amazon S3 Role ARN

    To configure an Amazon S3 Role ARN account, specify the following information:

    table 0-row-2 1-row-2 layout-auto
    Field Function
    Role ARN You must provide a Role ARN (Amazon Resource Name) that ÃÛ¶¹ÊÓƵ can use to gain access to the Amazon S3 account. To do this, you create an IAM permission policy for the source account, attach the policy to a user, and then create a role for the destination account. For specific information, see .
    accordion
    Google Cloud Platform

    To configure a Google Cloud Platform account, specify the following information:

    table 0-row-2 1-row-2 layout-auto
    Field Function
    Project ID Your Google Cloud project ID. See the .
    accordion
    Azure SAS

    To configure an Azure SAS account, specify the following information:

    table 0-row-2 1-row-2 2-row-2 3-row-2 4-row-2 5-row-2 layout-auto
    Field Function
    Application ID Copy this ID from the Azure application that you created. In Microsoft Azure, this information is located on the Overview tab within your application. For more information, see the .
    Tenant ID Copy this ID from the Azure application that you created. In Microsoft Azure, this information is located on the Overview tab within your application. For more information, see the .
    Key vault URI

    The path to the SAS token in Azure Key Vault. To configure Azure SAS, you must store an SAS token as a secret using Azure Key Vault. For information, see the .

    After the key vault URI is created, add an access policy on the Key Vault to grant permission to the Azure application that you created. For information, see the .

    Key vault secret name The secret name that you created when adding the secret to Azure Key Vault. In Microsoft Azure, this information is located in the Key Vault you created, on the Key Vault settings page. For information, see the .
    Location account secret Copy the secret from the Azure application that you created. In Microsoft Azure, this information is located on the Certificates & secrets tab within your application. For more information, see the .
    accordion
    Azure RBAC

    To configure an Azure RBAC account, specify the following information:

    table 0-row-2 1-row-2 2-row-2 3-row-2 layout-auto
    Field Function
    Application ID Copy this ID from the Azure application that you created. In Microsoft Azure, this information is located on the Overview tab within your application. For more information, see the .
    Tenant ID Copy this ID from the Azure application that you created. In Microsoft Azure, this information is located on the Overview tab within your application. For more information, see the .
    Location account secret Copy the secret from the Azure application that you created. In Microsoft Azure, this information is located on the Certificates & secrets tab within your application. For more information, see the .
    accordion
    Email
    note note
    NOTE
    Email accounts can be used only with Data Warehouse. (Email accounts are not supported with Data Feeds or Classification sets).

    To configure an Azure RBAC account, specify the following information:

    table 0-row-2 1-row-2 layout-auto
    Field Function
    Recipients Email notifications can be sent to specific users when the report is sent. Specify a single email address or a comma-separated list of email addresses.

    Legacy account types

    These legacy account types are available only when exporting data with Data Feeds and Data Warehouse. These options are not available when importing data with Classification sets.

    accordion
    FTP

    Data feed data can be delivered to an ÃÛ¶¹ÊÓƵ or customer-hosted FTP location. Requires an FTP host, username, and password. Use the path field to place feed files in a folder. Folders must already exist; feeds throw an error if the specified path does not exist.

    table 0-row-2 1-row-2 2-row-2 3-row-2 4-row-2 layout-auto
    Field Function
    Host Enter the desired FTP destination URL. For example, ftp.adobe.com.
    Path Can be left blank.
    Username Enter the username to log in to the FTP site.
    Password and confirm password Enter the password to log in to the FTP site.
    accordion
    SFTP
    SFTP support for data feeds is available. Requires an SFTP host, username, and the destination site to contain a valid RSA or DSA public key. You can download the appropriate public key when creating the feed.
    accordion
    S3

    You can send warehouse data directly to Amazon S3 buckets. This destination type requires a Bucket name, an Access Key ID, and a Secret Key. See within the Amazon S3 docs for more information.

    The user you provide for uploading data warehouse data must have the following :

    • s3:GetObject
    • s3:PutObject
    • s3:PutObjectAcl

    The following 16 standard AWS regions are supported (using the appropriate signature algorithm where necessary):

    • us-east-2
    • us-east-1
    • us-west-1
    • us-west-2
    • ap-south-1
    • ap-northeast-2
    • ap-southeast-1
    • ap-southeast-2
    • ap-northeast-1
    • ca-central-1
    • eu-central-1
    • eu-west-1
    • eu-west-2
    • eu-west-3
    • eu-north-1
    • sa-east-1
    note note
    NOTE
    The cn-north-1 region is not supported.
    accordion
    Azure Blob

    Data warehouse supports Azure Blob destinations. Requires a container, account, and a key. Amazon automatically encrypts the data at rest. When you download the data, it gets decrypted automatically. See within the Microsoft Azure docs for more information.

    note note
    NOTE
    You must implement your own process to manage disk space on the data warehouse destination. ÃÛ¶¹ÊÓƵ does not delete any data from the server.
  7. Select Save.

  8. Continue with Configure cloud import and export locations.

recommendation-more-help
46b8682c-fda6-4669-9355-1a44923e549e