
Secure export AWS authentication

Learn how to export data to your S3 bucket without providing AWS static credentials.

Contact Reltio Customer Support to obtain the Reltio AWS Account ID, which you'll need to configure AWS IAM authentication.

The Reltio Export Service enables you to write export output files to your own storage buckets using export API calls.

Reltio uses a secure approach for AWS customers based on AWS IAM assumed roles. You must use AWS IAM AssumeRole-based security when calling the Reltio Export Service. This eliminates the need to provide static credentials. It requires an additional one-time configuration in both the Reltio account and your AWS account to set up the roles and a trust relationship.

To configure secure AWS authentication:
  1. Create an AWS S3 bucket.
    For example, reltio-cross-account-export-bucket.
  2. Create an AWS access policy.

    For example, s3-reltio-export-policy.

    The policy grants list, read, and write access to your S3 bucket:
    • List: ListBucket
    • Read: GetObject
    • Write: PutObject, DeleteObject

  3. Create an AWS role.

    For example, reltio-exporter. Now, you can access the policy.

  4. Select Another AWS Account as the role type.

    Specify the Reltio AWS Account ID as the account that can use this role.

  5. Set the maximum CLI/API session duration to 12 hours.

    This provides the Reltio export service sufficient time to complete writing to an S3 bucket for larger exports.

  6. Enter the credentials:
    1. Add the Account ID.

      For example, 111122223333.

    2. Add the ARN Number.

      For example, arn:aws:iam::123456789876:user/reltio.platform.jobs.

  7. Assign the policy to the role.

    For example, you can assign policy s3-reltio-export-policy to the role reltio-exporter.

  8. Provide the role ARN to Reltio Customer Support.

    Reltio will then configure an AWS role within the trusted account to assume the customer’s role when it needs to write to the customer’s S3 bucket.

    Export Service HTTP headers

    Once this AWS AssumeRole configuration is set up, the AWS access key and secret key are no longer used. You must provide an AWS IAM AssumeRole instead.

    HTTP headers

    See Table 1: HTTP headers for the HTTP headers.

    Table 1. HTTP headers

    | HTTP Header | Description | Example |
    |---|---|---|
    | s3Bucket | Customer S3 bucket. | mys3bucket |
    | s3Path | Customer S3 path where the export output files are placed. | /reltio-export-output/mypath/ |
    | roleArn | Customer IAM role where the trust relationship was defined for Reltio to assume the role. | arn:aws:iam::999999999999:role/reltio-exporter |
    | externalId | Customer’s unique identifier for granular control over role access. | 5ez83245-6b31-4df3-9bd2-0a0t25b3f9c9zz |
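
The permissions policy (step 2) and trust relationship (step 4) written out as IAM policy documents, with a check that flags a trust policy lacking an external ID condition. This is an added example, not Reltio's own code; the function names are hypothetical. It assumes the account root as the trusted principal, that the externalId header value is enforced through an sts:ExternalId condition, and optional scoping of object access to the s3Path prefix.

```python
import json

MAX_SESSION_SECONDS = 12 * 60 * 60  # step 5: 12 hours, IAM's MaxSessionDuration is in seconds

def build_export_policy(bucket, prefix=""):
    """Step 2 permissions: list on the bucket, read/write/delete on its objects."""
    bucket_arn = f"arn:aws:s3:::{bucket}"
    key = prefix.strip("/")
    objects_arn = f"{bucket_arn}/{key + '/' if key else ''}*"
    return {"Version": "2012-10-17", "Statement": [
        # ListBucket is a bucket-level action, so it targets the bucket ARN itself.
        {"Effect": "Allow", "Action": ["s3:ListBucket"], "Resource": bucket_arn},
        # Object actions target keys; the prefix scoping is an assumption of this example.
        {"Effect": "Allow", "Resource": objects_arn,
         "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"]}]}

def build_trust_policy(trusted_account_id, external_id):
    """Step 4 trust relationship, limited to callers that present the external ID."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": f"arn:aws:iam::{trusted_account_id}:root"},
        "Action": "sts:AssumeRole",
        "Condition": {"StringEquals": {"sts:ExternalId": external_id}}}]}

def audit_trust_policy(policy):
    """Return findings for Allow statements that trust more than intended."""
    findings = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal")
        aws = principal.get("AWS") if isinstance(principal, dict) else principal
        if "*" in (aws if isinstance(aws, list) else [aws]):
            findings.append("wildcard principal")
        if "sts:ExternalId" not in stmt.get("Condition", {}).get("StringEquals", {}):
            findings.append("no sts:ExternalId condition")
    return findings

if __name__ == "__main__":
    # Constructed values: bucket name and account ID are the page's examples,
    # the external ID is a placeholder.
    trust = build_trust_policy("111122223333", "EXAMPLE-EXTERNAL-ID")
    print(json.dumps(build_export_policy("reltio-cross-account-export-bucket"), indent=2))
    print(json.dumps(trust, indent=2), audit_trust_policy(trust), MAX_SESSION_SECONDS)
```

Running `audit_trust_policy` on the trust policy exported from the role after setup confirms that only the intended account, presenting the agreed external ID, can assume it.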