Amazon Web Services (AWS) | Cloud Integration Setup

Authorizing Reboot Motion to deliver data directly to an S3 bucket in your organization's Amazon Web Services (AWS) account involves creating an IAM Role, with appropriate permissions, that Reboot Motion can assume. The templates below are functional as written, but you may wish to narrow them to more specific permissions.

Step 1: Ensure Security Token Service (STS) is enabled for your region.

This is a critical step to ensure the role can be assumed by our cloud resources. To enable STS for your region, follow the steps outlined in the Activating and deactivating AWS STS in an AWS Region section of AWS' documentation.

Step 2: Create an IAM Policy

An IAM policy is the document that grants the necessary permissions to access certain AWS resources (in this case, an S3 Bucket). Follow the steps outlined in Creating policies using the JSON editor to create an IAM Policy with the following contents:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "ListObjectsInBucket",
            "Effect": "Allow",
            "Action": ["s3:ListBucket"],
            "Resource": ["arn:aws:s3:::<bucket-name>"]
        },
        {
            "Sid": "AllObjectActions",
            "Effect": "Allow",
            "Action": "s3:*Object",
            "Resource": ["arn:aws:s3:::<bucket-name>/*"]
        }
    ]
}

Be sure to replace <bucket-name> from the above example with the name of the S3 Bucket to which Reboot Motion should deliver your data.

Step 3: Create an IAM Role

An IAM Role allows a calling entity to perform the actions allowed by the policies attached to it. Since this role will be assumed by an AWS account separate from your own (in this case, Reboot Motion's account), we need to create the IAM Role with a "custom trust policy."

To create the role, follow the steps outlined in Creating an IAM role using a custom trust policy (console).

During step 4 of the above instructions, you'll be asked to enter/paste a custom trust policy. You can use the example below:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "<RebootMotionRoleARN>"
      },
      "Action": "sts:AssumeRole",
      "Condition": {
        "StringEquals": {
          "sts:ExternalId": "<RebootMotionExternalId>"
        }
      }
    }
  ]
}

Reboot Motion will provide values to replace <RebootMotionRoleARN> and <RebootMotionExternalId>.

Step 4: Prepare for testing

At this point, everything should be set up and ready for us to test! Once you provide the name of your S3 bucket and the ARN of the Role you created above, we will test the connection from our environment to yours. Once this has been validated, we will work with you to customize the paths to which data will be delivered in your bucket.
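
Before sending the bucket name and role ARN for testing, the two JSON documents from Steps 2 and 3 can be checked offline. The linter below is an added example, not part of Reboot Motion's or AWS's documentation; it flags unreplaced placeholders, a wildcard principal or missing ExternalId condition in the trust policy, resources outside the delivery bucket, and wildcard actions. The function names and the account ID, role name and external ID in the sample are constructed for illustration.

```python
import json
import re

PLACEHOLDER = re.compile(r"<[^<>]+>")  # unreplaced template value such as <bucket-name>

def _as_list(value):
    return value if isinstance(value, list) else [value]

def lint_trust_policy(doc):
    """Findings for the Step 3 trust policy; an empty list means none."""
    findings = []
    for stmt in _as_list(json.loads(doc)["Statement"]):
        principal = stmt.get("Principal")
        arns = _as_list(principal.get("AWS", [])) if isinstance(principal, dict) else [principal]
        for arn in arns:
            if arn == "*":
                findings.append("principal is a wildcard")
            elif PLACEHOLDER.search(str(arn)):
                findings.append("principal placeholder not replaced")
        # IAM condition key names are case-insensitive, so compare lowercased.
        equals = stmt.get("Condition", {}).get("StringEquals", {})
        ext = {k.lower(): v for k, v in equals.items()}.get("sts:externalid")
        if not ext:
            findings.append("no sts:ExternalId StringEquals condition")
        elif any(PLACEHOLDER.search(e) for e in _as_list(ext)):
            findings.append("external ID placeholder not replaced")
    return findings

def lint_permissions_policy(doc, bucket):
    """Findings for the Step 2 policy, checked against the one delivery bucket."""
    findings = []
    allowed = {f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"}
    for stmt in _as_list(json.loads(doc)["Statement"]):
        sid = stmt.get("Sid", "(no Sid)")
        for res in _as_list(stmt.get("Resource", [])):
            if PLACEHOLDER.search(res):
                findings.append(f"{sid}: resource placeholder not replaced")
            elif res not in allowed:
                findings.append(f"{sid}: resource {res} is outside bucket {bucket}")
        for action in _as_list(stmt.get("Action", [])):
            if "*" in action:
                findings.append(f"{sid}: wildcard action {action}")
    return findings

# Constructed sample: the page's trust template filled with made-up values.
SAMPLE_TRUST = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::111122223333:role/example-delivery-role"},
    "Action": "sts:AssumeRole",
    "Condition": {"StringEquals": {"sts:ExternalId": "example-external-id"}}}]})

if __name__ == "__main__":
    print(lint_trust_policy(SAMPLE_TRUST))
```

A wildcard-action finding on s3:*Object is expected for the Step 2 template as given; it marks the place where the permissions could be narrowed to an explicit list of actions.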