Setup AWS Delegated Role
- 24 Mar 2023
- Updated on 24 Mar 2023
The information required to integrate Data Explorer with AWS-hosted resources, such as S3 buckets and Elastic Container Registry repositories, is stored as a secret of the 'Delegated IAM' type. This section describes the steps to create this secret. You must have sufficient privileges on your AWS account to create IAM policies and cross-account roles.
1. On the Secrets page, click '+Add Secret' and select the 'AWS' provider and the 'Delegated IAM' type.
2. Note the Akridata Account ID and the External ID that are displayed, since this information is needed to set up the necessary role in your AWS account. The External ID is a randomly generated UUID by default, and you can update it to any string of your choice.
3. Log in to your AWS account. Go to the IAM service and follow the 'Add Role' process.
4. Select the trusted entity as 'AWS account' and 'Another AWS Account'.
5. Enter the Account ID and External ID displayed in step 2.
6. Attach a policy based on the resource for which the access is being created. For access to an S3 bucket, a sample policy statement is shown below. Replace 'myBucket' with the name of your bucket.

   ```json
   {
     "Version": "2012-10-17",
     "Statement": [
       {
         "Effect": "Allow",
         "Action": [
           "s3:GetObject",
           "s3:HeadBucket",
           "s3:ListBucket"
         ],
         "Resource": [
           "arn:aws:s3:::myBucket",
           "arn:aws:s3:::myBucket/*"
         ]
       }
     ]
   }
   ```
7. Save the role created above.
8. Click on 'Edit role', change the session duration from the default 1 hour to 12 hours, and save the changes.
9. Copy the Role ARN.
10. Go back to the Data Explorer 'Add Secret' flow and paste the Role ARN from step 9.
11. Click 'Submit' to save this secret.
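The following Python check is an added example, not part of the original article or of Akridata's tooling. It audits the `Role` object returned by `aws iam get-role` to confirm that the role created in the steps above trusts only the expected account, requires the External ID, and has the 12-hour session duration. The sample output, the account ID `111122223333`, the External ID and the role name are constructed placeholders.

```python
import json

# Constructed sample `aws iam get-role` output; the account ID, External ID
# and role name are placeholders, not values from the article.
SAMPLE_GET_ROLE = json.loads("""
{"Role": {
  "Arn": "arn:aws:iam::999999999999:role/example-delegated-role",
  "MaxSessionDuration": 43200,
  "AssumeRolePolicyDocument": {
    "Version": "2012-10-17",
    "Statement": [{
      "Effect": "Allow",
      "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
      "Action": "sts:AssumeRole",
      "Condition": {"StringEquals": {"sts:ExternalId": "example-external-id"}}
    }]
  }
}}
""")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def audit_delegated_role(role, account_id, external_id, session_seconds=43200):
    """Return findings for a role; an empty list means it matches the steps above."""
    findings = []
    # 43200 seconds is the 12-hour session duration set in step 8.
    if role.get("MaxSessionDuration") != session_seconds:
        findings.append(f"MaxSessionDuration is not {session_seconds} seconds")
    policy = role.get("AssumeRolePolicyDocument", {})
    allows = [s for s in _as_list(policy.get("Statement", [])) if s.get("Effect") == "Allow"]
    if not allows:
        findings.append("trust policy has no Allow statement")
    for i, stmt in enumerate(allows):
        principal = stmt.get("Principal", {})
        aws = _as_list(principal.get("AWS", [])) if isinstance(principal, dict) else [principal]
        trusted = [p == account_id or p.startswith(f"arn:aws:iam::{account_id}:") for p in aws]
        if not aws or not all(trusted) or (isinstance(principal, dict) and set(principal) != {"AWS"}):
            findings.append(f"statement {i}: principal not limited to account {account_id}")
        if "sts:AssumeRole" not in _as_list(stmt.get("Action", [])):
            findings.append(f"statement {i}: does not grant sts:AssumeRole")
        # IAM condition keys are case-insensitive, so compare on lowercased keys.
        cond = {k.lower(): v for k, v in stmt.get("Condition", {}).get("StringEquals", {}).items()}
        if _as_list(cond.get("sts:externalid", [])) != [external_id]:
            findings.append(f"statement {i}: sts:ExternalId condition missing or different")
    return findings

if __name__ == "__main__":
    for finding in audit_delegated_role(SAMPLE_GET_ROLE["Role"], "111122223333", "example-external-id"):
        print("FINDING:", finding)
```

A trust statement without the `sts:ExternalId` condition lets any caller in the trusted account assume the role without presenting the External ID, which is the case this check is meant to catch.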