
LCA as AWS Lambda: Identity and Access Management

You can implement LCA handlers as AWS Lambda functions and use AWS Identity and Access Management (IAM) to control how Reltio accesses them.

Access to AWS Lambda Functions

To invoke the Lambda functions hosted in a customer AWS account, Reltio can use:

  • AWS credentials (Access Key, Secret Key) provided by the customer.
  • IAM roles for delegated access. This is the recommended approach.

Important: For security reasons, use IAM roles (with temporary security credentials) instead of sharing standard long-term AWS credentials. For configuration details, see the AWS documentation.

Access with AWS Credentials

To use the regular credentials-based access to your LCA Handlers implemented as AWS Lambda Functions, file a ticket with Reltio Support. Include the following information in your request:

  • Environment name (Dev, Test, Prod, Preview)
  • Tenant name (Reltio Tenant ID)
  • AWS Access Key and AWS Secret Key of the AWS Account where the Lambda Functions are hosted.

Access with IAM Role

To use IAM role-based access to your LCA Handlers implemented as AWS Lambda Functions, create an IAM role in your AWS account that Reltio can assume (through AssumeRole), with access to the particular AWS services (S3, Lambda).

Note: This role must have a trust relationship with the Reltio AWS account. Contact your Reltio Customer Success representative to request the Reltio AWS account information.

Use External ID in AssumeRole requests

The Reltio Platform secures interaction with AWS Lambda functions using AccessKeys and IAM Role-Based Access, optionally combined with an External ID for enhanced security.

  • External ID: A security feature for cross-account role assumption to prevent unauthorized access. For detailed guidance, see the AWS documentation on External IDs.
  • AWS Lambda Access: The execution of Lambda functions within an AWS account using Access Keys or IAM Roles, potentially enhanced by an External ID.

Secure access

Administrators set up access to AWS resources in two primary ways:

  • Using AWS AccessKey and SecretKey, administrators can directly invoke Lambda functions.

  • IAM Role-Based Access involves using an IAM role from your AWS account. This can include an External ID for additional security, which should be a unique identifier like a UUID and adhere to the regular expression pattern (regex) [\w+=,.@:/-]*.

To establish secure access, create an IAM role within the AWS account with necessary permissions for Lambda and S3 access, including an External ID if needed. Ensure the role grants the appropriate permissions and establish a trust relationship with the Reltio AWS account.

Note: Generate and use unique External IDs for each role to maintain secure access controls. Make the External ID visible but non-editable to prevent unauthorized changes.
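
The following is an added example, not Reltio's or AWS's own code. It generates a UUID External ID, validates it against the pattern above, builds a role trust policy that requires it, and audits an existing trust policy for a missing External ID condition. The account ID is a placeholder, the function names are hypothetical, trusting the account root is an assumption, and the 2 to 1224 character length bound is the AWS STS limit for External IDs rather than something stated on this page.

```python
import json
import re
import uuid

# Pattern from this page; the 2-1224 length bound is the AWS STS ExternalId limit.
EXTERNAL_ID_RE = re.compile(r"[\w+=,.@:/-]{2,1224}", re.ASCII)
RELTIO_ACCOUNT_ID = "111122223333"  # placeholder: use the account ID Reltio gives you


def new_external_id() -> str:
    """Generate a unique External ID (a UUID) for one role."""
    return str(uuid.uuid4())


def build_trust_policy(trusted_account_id: str, external_id: str) -> dict:
    """Trust policy for one account (root principal is an assumption), gated on the External ID."""
    if not EXTERNAL_ID_RE.fullmatch(external_id):
        raise ValueError("External ID does not match the allowed pattern")
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": f"arn:aws:iam::{trusted_account_id}:root"},
            "Action": "sts:AssumeRole",
            "Condition": {"StringEquals": {"sts:ExternalId": external_id}},
        }],
    }


def audit_trust_policy(policy: dict) -> list:
    """Return findings for Allow statements that permit role assumption too broadly."""
    findings = []
    for i, stmt in enumerate(policy.get("Statement", [])):
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        if stmt.get("Effect") != "Allow" or not {"sts:AssumeRole", "sts:*", "*"} & set(actions):
            continue
        principal = stmt.get("Principal")
        aws = principal.get("AWS", []) if isinstance(principal, dict) else (principal or [])
        if "*" in ([aws] if isinstance(aws, str) else aws):
            findings.append(f"Statement {i}: wildcard principal")
        cond = stmt.get("Condition", {}).get("StringEquals", {})  # only StringEquals is checked
        if not cond.get("sts:ExternalId"):
            findings.append(f"Statement {i}: no sts:ExternalId condition")
    return findings


if __name__ == "__main__":
    print(json.dumps(build_trust_policy(RELTIO_ACCOUNT_ID, new_external_id()), indent=2))
```

The printed document is what goes into the role's trust relationship; run `audit_trust_policy` over the trust policies of existing roles to find any that can be assumed without an External ID.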