Configure cloud import and export accounts
- System administrators can restrict users from creating accounts, as described in Configure whether users can create accounts. If you can’t create accounts as described in this section, contact your system administrator.
- An account can be edited only by the user who created it or by a system administrator.
You can configure a cloud account that is used for any or all of the following purposes:
- Exporting files using Data Feeds
- Exporting reports using Data Warehouse
- Importing schemas using Classification sets
You need to configure ÃÛ¶¹ÊÓƵ Analytics with the necessary information to access your cloud account. This process consists of adding and configuring the account (such as Amazon S3 Role ARN, Google Cloud Platform, and so forth) as described in this article, and then adding and configuring the location within that account (such as a folder within the account) as described in Configure cloud import and export locations.
For information about how to view and delete existing accounts, see Locations manager.
To configure a cloud import or export account:
-
In ÃÛ¶¹ÊÓƵ Analytics, select Components > Locations.
-
On the Locations page, select the Location accounts tab.
-
(Conditional) If you are a system administrator, you can enable the View accounts for all users option to view accounts created by all users in your organization.
-
To create a new account, select Add account.
The Location account details dialog displays.
Or
To edit an existing account, locate the account that you want to edit, then select the Edit details button.
The Add account dialog displays.
-
Specify the following information:
table 0-row-2 1-row-2 2-row-2 3-row-2 4-row-2 Field Function Location account name The name of the location account. This name appears when creating a location Location account description Provide a short description of the account to help differentiate it from other accounts of the same account type. Make account available to all users in your organization Enable this option to allow other users in your organization to use the account.
Consider the following when sharing accounts:
- Accounts that you share cannot be unshared.
- Shared accounts can be edited only by the owner of the account.
- Anyone can create a location for the shared account.
Account type Select your cloud account type. We recommend having a single account for each account type, with multiple locations as needed within that account.
System administrators can limit the account types that users can create, as described in Configure whether users can create accounts. If you can’t create accounts as described in this section, contact your system administrator.
-
In the Account properties section, specify information specific to the account type that you selected.
For configuration instructions, expand the section below that corresponds to the Account type that you selected. (Additional legacy account types are also available, but are not recommended.)
Account types
accordion Amazon S3 Role ARN To configure an Amazon S3 Role ARN account, specify the following information:
table 0-row-2 1-row-2 layout-auto Field Function Role ARN You must provide a Role ARN (Amazon Resource Name) that ÃÛ¶¹ÊÓƵ can use to gain access to the Amazon S3 account. To do this, you create an IAM permission policy for the source account, attach the policy to a user, and then create a role for the destination account. For specific information, see . accordion Google Cloud Platform To configure a Google Cloud Platform account, specify the following information:
table 0-row-2 1-row-2 layout-auto Field Function Project ID Your Google Cloud project ID. See the . accordion Azure SAS To configure an Azure SAS account, specify the following information:
table 0-row-2 1-row-2 2-row-2 3-row-2 4-row-2 5-row-2 layout-auto Field Function Application ID Copy this ID from the Azure application that you created. In Microsoft Azure, this information is located on the Overview tab within your application. For more information, see the . Tenant ID Copy this ID from the Azure application that you created. In Microsoft Azure, this information is located on the Overview tab within your application. For more information, see the . Key vault URI The path to the SAS token in Azure Key Vault. To configure Azure SAS, you must store an SAS token as a secret using Azure Key Vault. For information, see the .
After the key vault URI is created, add an access policy on the Key Vault to grant permission to the Azure application that you created. For information, see the .
Key vault secret name The secret name that you created when adding the secret to Azure Key Vault. In Microsoft Azure, this information is located in the Key Vault you created, on the Key Vault settings page. For information, see the . Location account secret Copy the secret from the Azure application that you created. In Microsoft Azure, this information is located on the Certificates & secrets tab within your application. For more information, see the . accordion Azure RBAC To configure an Azure RBAC account, specify the following information:
table 0-row-2 1-row-2 2-row-2 3-row-2 layout-auto Field Function Application ID Copy this ID from the Azure application that you created. In Microsoft Azure, this information is located on the Overview tab within your application. For more information, see the . Tenant ID Copy this ID from the Azure application that you created. In Microsoft Azure, this information is located on the Overview tab within your application. For more information, see the . Location account secret Copy the secret from the Azure application that you created. In Microsoft Azure, this information is located on the Certificates & secrets tab within your application. For more information, see the . accordion Email note note NOTE Email accounts can be used only with Data Warehouse. (Email accounts are not supported with Data Feeds or Classification sets). To configure an Azure RBAC account, specify the following information:
table 0-row-2 1-row-2 layout-auto Field Function Recipients Email notifications can be sent to specific users when the report is sent. Specify a single email address or a comma-separated list of email addresses. Legacy account types
These legacy account types are available only when exporting data with Data Feeds and Data Warehouse. These options are not available when importing data with Classification sets.
accordion FTP Data feed data can be delivered to an ÃÛ¶¹ÊÓƵ or customer-hosted FTP location. Requires an FTP host, username, and password. Use the path field to place feed files in a folder. Folders must already exist; feeds throw an error if the specified path does not exist.
table 0-row-2 1-row-2 2-row-2 3-row-2 4-row-2 layout-auto Field Function Host Enter the desired FTP destination URL. For example, ftp.adobe.com
.Path Can be left blank. Username Enter the username to log in to the FTP site. Password and confirm password Enter the password to log in to the FTP site. accordion SFTP SFTP support for data feeds is available. Requires an SFTP host, username, and the destination site to contain a valid RSA or DSA public key. You can download the appropriate public key when creating the feed. accordion S3 You can send warehouse data directly to Amazon S3 buckets. This destination type requires a Bucket name, an Access Key ID, and a Secret Key. See within the Amazon S3 docs for more information.
The user you provide for uploading data warehouse data must have the following :
- s3:GetObject
- s3:PutObject
- s3:PutObjectAcl
The following 16 standard AWS regions are supported (using the appropriate signature algorithm where necessary):
- us-east-2
- us-east-1
- us-west-1
- us-west-2
- ap-south-1
- ap-northeast-2
- ap-southeast-1
- ap-southeast-2
- ap-northeast-1
- ca-central-1
- eu-central-1
- eu-west-1
- eu-west-2
- eu-west-3
- eu-north-1
- sa-east-1
note note NOTE The cn-north-1 region is not supported. accordion Azure Blob Data warehouse supports Azure Blob destinations. Requires a container, account, and a key. Amazon automatically encrypts the data at rest. When you download the data, it gets decrypted automatically. See within the Microsoft Azure docs for more information.
note note NOTE You must implement your own process to manage disk space on the data warehouse destination. ÃÛ¶¹ÊÓƵ does not delete any data from the server. -
Select Save.
-
Continue with Configure cloud import and export locations.