Allow LiveRamp to Access Your AWS S3 Bucket
If you have data stored in an AWS (Amazon Web Services) S3 cloud storage bucket, you can allow LiveRamp to retrieve files from that bucket in one of two ways:
By authorizing LiveRamp’s user
By creating an IAM (Identity and Access Management) user so that LiveRamp can retrieve that data for processing
Caution
We'll retrieve all the files: Make sure to include only files that you want to be retrieved by LiveRamp in the S3 bucket.
You can perform most functions as with other SFTP connections, such as deleting files and creating or moving directories. Be sure not to delete the "/uploads" directory however.
Note
See Amazon's Bucket Owner Granting Cross-Account Bucket Permissions example documentation for more information.
See the sections below for more information on these methods.
File Retrieval Protocol for S3 Bucket Retrieval
When retrieving files from an Amazon Web Services (AWS) S3 cloud storage bucket, LiveRamp detects and retrieves any new files found in the specified bucket/path location, with each file being retrieved once. Files are determined to be "new" based upon the combination of file name and the “modified” timestamp.
Note
If you would like us to retrieve a file again, update the “modified” timestamp so that our system recognizes the file as “new”.
Authorize LiveRamp's User to Access Your AWS S3 Bucket
If you have data stored in an AWS (Amazon Web Services) S3 cloud storage bucket, you can authorize LiveRamp’s user so that LiveRamp can retrieve that data for processing.
Follow the instructions below to authorize LiveRamp's user to access your bucket (and any specific paths within the bucket), list the objects inside of it, and retrieve those objects.
Note
You will not create a user under your own account for LiveRamp to use, and no secret credentials are shared. If you'd prefer to create an IAM (Identity and Access Management) user under your own account and share the credentials with LiveRamp, follow the steps in Create an IAM User for LiveRamp to Access Your S3 Bucket.
The LiveRamp user in AWS cannot accept roles and can only be added to the bucket policy.
Provide your AWS administrator with the information listed below:
User ARN: arn:aws:iam::609251445204:user/svc-liveramp-ingestion-connectors
Required Permissions:
ListBucket
GetBucketLocation
GetBucketPolicy
GetObject
ListBucketVersions
Note
See this sample JSON S3 bucket policy for more information (this policy might vary slightly based upon the specifics of your implementation).
Contact your LiveRamp representative and provide them with the path(s) you would like LiveRamp to retrieve files from.
Note
For measurement use cases where you want LiveRamp to only retrieve files older than a specific campaign start date, provide that start date and time to your LiveRamp representative.
Create an IAM User for LiveRamp to Access Your S3 Bucket
If you have data stored in an AWS (Amazon Web Services) S3 cloud storage bucket, you can create an Identity and Access Management (IAM) user so that LiveRamp can retrieve that data for processing.
Follow the instructions below to create an IAM user under your AWS account with the ability to access your bucket (and any specific paths within the bucket), list the objects inside of it, and retrieve those objects.
Caution
Don't want to share credentials? This will require sharing secret credentials with LiveRamp. If you'd prefer not to share secret credentials, you can authorize LiveRamp's user to access your bucket. See Authorize LiveRamp's User to Access Your AWS S3 Bucket.
Provide your AWS administrator with the required permissions listed below:
ListBucket
GetBucketLocation
GetBucketPolicy
GetObject
ListBucketVersions
Contact your LiveRamp representative and provide them with the information listed below:
The User Access Key
The User Secret Key
The S3 bucket name
If applicable, the paths in your S3 bucket where the files are stored
For measurement use cases where you want LiveRamp to only retrieve files older than a specific campaign start date, provide that start date and time
LiveRamp can provide you with our GPG encryption key so that you can encrypt a file containing the secret key if desired.