Skip to main content

Allow LiveRamp to Access Your AWS S3 Bucket

If you have data stored in an AWS (Amazon Web Services) S3 cloud storage bucket, you can allow LiveRamp to retrieve files from that bucket in one of two ways:

  • By authorizing LiveRamp’s user

  • By creating an IAM (Identity and Access Management) user so that LiveRamp can retrieve that data for processing

Caution

We'll retrieve all the files: Make sure to include only files that you want to be retrieved by LiveRamp in the S3 bucket.

You can perform most functions as with other SFTP connections, such as deleting files and creating or moving directories. Be sure not to delete the "/uploads" directory however.

Note

See Amazon's Bucket Owner Granting Cross-Account Bucket Permissions example documentation for more information.

See the sections below for more information on these methods.

File Retrieval Protocol for S3 Bucket Retrieval

When retrieving files from an Amazon Web Services (AWS) S3 cloud storage bucket, LiveRamp detects and retrieves any new files found in the specified bucket/path location, with each file being retrieved once. Files are determined to be "new" based upon the combination of file name and the “modified” timestamp.

Note

If you would like us to retrieve a file again, update the “modified” timestamp so that our system recognizes the file as “new”.

Authorize LiveRamp's User to Access Your AWS S3 Bucket

If you have data stored in an AWS (Amazon Web Services) S3 cloud storage bucket, you can authorize LiveRamp’s user so that LiveRamp can retrieve that data for processing.

Follow the instructions below to authorize LiveRamp's user to access your bucket (and any specific paths within the bucket), list the objects inside of it, and retrieve those objects.

Note

  • You will not create a user under your own account for LiveRamp to use, and no secret credentials are shared. If you'd prefer to create an IAM (Identity and Access Management) user under your own account and share the credentials with LiveRamp, follow the steps in Create an IAM User for LiveRamp to Access Your S3 Bucket.

  • The LiveRamp user in AWS cannot accept roles and can only be added to the bucket policy.

  1. Provide your AWS administrator with the information listed below:

    • User ARN: arn:aws:iam::609251445204:user/svc-liveramp-ingestion-connectors

    • Required Permissions:

      • ListBucket

      • GetBucketLocation

      • GetBucketPolicy

      • GetObject

      • ListBucketVersions

    Note

    See this sample JSON S3 bucket policy for more information (this policy might vary slightly based upon the specifics of your implementation).

  2. Contact your LiveRamp representative and provide them with the path(s) you would like LiveRamp to retrieve files from.

    Note

    For measurement use cases where you want LiveRamp to only retrieve files older than a specific campaign start date, provide that start date and time to your LiveRamp representative.

Create an IAM User for LiveRamp to Access Your S3 Bucket

If you have data stored in an AWS (Amazon Web Services) S3 cloud storage bucket, you can create an Identity and Access Management (IAM) user so that LiveRamp can retrieve that data for processing.

Follow the instructions below to create an IAM user under your AWS account with the ability to access your bucket (and any specific paths within the bucket), list the objects inside of it, and retrieve those objects.

Caution

Don't want to share credentials? This will require sharing secret credentials with LiveRamp. If you'd prefer not to share secret credentials, you can authorize LiveRamp's user to access your bucket. See Authorize LiveRamp's User to Access Your AWS S3 Bucket.

  1. Provide your AWS administrator with the required permissions listed below:

    • ListBucket

    • GetBucketLocation

    • GetBucketPolicy

    • GetObject

    • ListBucketVersions

  2. Contact your LiveRamp representative and provide them with the information listed below:

    • The User Access Key

    • The User Secret Key

    • The S3 bucket name

    • If applicable, the paths in your S3 bucket where the files are stored

    • For measurement use cases where you want LiveRamp to only retrieve files older than a specific campaign start date, provide that start date and time

LiveRamp can provide you with our GPG encryption key so that you can encrypt a file containing the secret key if desired.