Setting Up LiveRamp File Deliveries
For clients and partners who receive files from LiveRamp (such as through our Measurement Enablement workflow), LiveRamp can deliver files to the following locations:
Your SFTP server
Amazon Web Services (AWS) S3 buckets
Google Cloud Buckets
Microsoft Azure blobs
Caution
While we can deliver data files to AWS S3 buckets using the Authorize LiveRamp's User to Deliver Data to Your AWS S3 Bucket method and to Azure blobs, we will not be able to send a taxonomy file via those methods. For this reason, if you receive taxonomy files as part of your deliveries, we recommend that you use one of the other methods or check with your LiveRamp rep to see whether one of these methods will work for your integration.
Note
If none of these options work for your current configuration, contact your LiveRamp Implementation Manager.
To set up file deliveries, provide LiveRamp with the appropriate information for your desired delivery method.
Caution
Make sure to provide full read and write permissions to LiveRamp to ensure smooth data delivery.
Host name
Port
Username
Password
Root path
Utilizing an SSH Key
If you’d like us to authenticate to your SFTP server using SSH keys instead of a password, you can use our LiveRamp public SSH key for distributions or your own SSH key.
Caution
We do not create custom keys for customers.
Using the LiveRamp Public SSH Key
If you’d like us to authenticate to your SFTP server using SSH keys instead of a password, you can add our public RSA key to your server and provide us with the username to connect with.
Caution
Note that this public key is different from the LiveRamp public key that is used for uploading from a customer’s SFTP. See “Upload a File via Your SFTP” for more information.
Download our public key for distributions.
Once you've configured the key, contact your LiveRamp representative to confirm.
Using Your SSH Key
You can send us your private SSH key for us to use to authenticate to your server for distributions, but the key must be an RSA key. The first line in the key should include "BEGIN RSA PRIVATE KEY."
Caution
If the first line includes "BEGIN OPENSSH PRIVATE KEY", we cannot use it. Regenerate the key by running:
“ssh-keygen -t rsa”.
If you want files to be delivered to an AWS (Amazon Web Services) S3 cloud storage bucket, you can allow LiveRamp to deliver files to that bucket in one of two ways:
By authorizing LiveRamp’s user
By creating an IAM (Identity and Access Management) user
Caution
This information only pertains to S3 buckets to which LiveRamp delivers data. It does not apply to S3 buckets that you might have LiveRamp retrieve files from. For more information about allowing LiveRamp to retrieve data from an S3 bucket, see "Allow LiveRamp to Access Your AWS S3 Bucket."
Note
See Amazon's Bucket Owner Granting Cross-Account Bucket Permissions example documentation for more information.
See the sections below for more information on these methods.
Follow the instructions below to authorize LiveRamp's user to deliver data to your bucket.
Caution
While we can deliver data files to an AWS S3 bucket via this method, we will not be able to send a taxonomy file. For this reason, if you receive taxonomy files as part of your deliveries, we recommend that you use one of the other available delivery methods (such as Create an IAM User for LiveRamp to Deliver Data to Your S3 Bucket) or check with your LiveRamp rep to see whether this method will work for your integration.
Caution
You will not create a user under your own account for LiveRamp to use, and no secret credentials are shared. If you'd prefer to create an IAM (Identity and Access Management) user under your own account and share the credentials with LiveRamp, follow the steps in the "Create an IAM User for LiveRamp to Deliver Data to Your S3 Bucket" section of this article.
Provide your AWS administrator with the information listed below:
User ARN: arn:aws:iam::609251445204:user/lr-distribution
Required Permissions:
Note
The asterisk after a permission means that if AWS adds new API operations in the future, key administrators will automatically be allowed to perform all new API operations that begin with that permission action.
PutObject*
ListBucket
GetObject
AbortMultipartUpload
ListMultipartUploadParts
Note
See this sample JSON S3 bucket policy for more information (this policy might vary slightly based on the specifics of your implementation).
If server-side encryption is required, provide your AWS administrator with the kms:actions listed below:
Encrypt
Decrypt
ReEncrypt*
DescribeKey
GenerateDataKey*
Contact your LiveRamp representative and provide them with the information listed below:
Note
If you do not have a designated LiveRamp representative, create a case in the LiveRamp Community portal.
The S3 bucket name
If applicable, the path(s) in your S3 bucket where the files should be delivered (default is the root path)
The ACL (access control list) grant. The default is "BUCKET_OWNER_FULL_CONTROL", but we also support the options listed below:
"PRIVATE"
"PUBLIC_READ"
"PUBLIC_READ_WRITE"
"AUTHENTICATED_READ"
"BUCKET_OWNER_READ"
"BUCKET_OWNER_FULL_CONTROL"
"LOG_DELIVERY_WRITE"
If server-side encryption is required, the SSE key
Follow the instructions below to create an IAM user under your AWS account with the ability to deliver data to your bucket.
Caution
Don't want to share credentials? This will require sharing secret credentials with LiveRamp. If you'd prefer not to share secret credentials, you can authorize LiveRamp's user to deliver to your bucket. See the "Authorize LiveRamp's User to Deliver Data to Your AWS S3 Bucket" section of this article for more information.
Provide your AWS administrator with the required permissions listed below:
Note
The asterisk after a permission means that if AWS adds new API operations in the future, key administrators will automatically be allowed to perform all new API operations that begin that permission action.
PutObject*
ListBucket
GetObject
AbortMultipartUpload
ListMultipartUploadParts
If server-side encryption is required, provide your AWS administrator with the kms:actions listed below:
Encrypt
Decrypt
ReEncrypt*
DescribeKey
GenerateDataKey*
Contact your LiveRamp representative and provide them with the information listed below:
Note
If you do not have a designated LiveRamp representative, create a case in the LiveRamp Community portal.
The User Access Key
The User Secret Key
The S3 bucket name
If applicable, the path(s) in your S3 bucket where the files should be delivered (default is the root path)
The ACL (access control list) grant. The default is "BUCKET_OWNER_FULL_CONTROL", but we also support the options listed below:
"PRIVATE"
"PUBLIC_READ"
"PUBLIC_READ_WRITE"
"AUTHENTICATED_READ"
"BUCKET_OWNER_READ"
"BUCKET_OWNER_FULL_CONTROL"
"LOG_DELIVERY_WRITE"
If Server-Side Encryption is required, the SSE key
Service Account and Private Key in JSON Format (refer to the documentation here)
Bucket
Optional: Root path (Default: idl/mapping)
Note
If you'd prefer not to share bucket credentials, LiveRamp can pursue a permissions-based approach to delivering to a Google Cloud bucket. Contact your LiveRamp representative to learn more.
Caution
While we can deliver data files to Azure blobs, we will not be able to send them a taxonomy file. For this reason, if you receive taxonomy files as part of your deliveries, we recommend using one of the other methods or checking with your LiveRamp rep to see whether this method will work for your integration.
Account Key
Account Name
Container Name
When sending over your credentials, secure them by GPG/PGP-encrypting your file with our Public Key.
Note
For integration partners: By default, LiveRamp will prompt for a "client name" when a new distribution is being established by a client. LiveRamp will incorporate this string into the delivery file path to help you distinguish deliveries. For example, if BrandX is distributing segments to your platform, they would enter “BrandX” when setting up the distribution. LiveRamp would deliver this data to the path “/BrandX/<data file>” in your storage location.