Before you Begin

⚠IMPORTANT

AWS S3 access is intended for users that are already using and are familiar with S3.  If you are not familiar with AWS S3 you should request FTP credentials instead.  Note: Your organization can have both S3 and FTP access depending on the needs of each user in your organization.

 

Information to Collect for LinkUp Support

You must provide LinkUp Support with at least one AWS account ID that your organization uses.  That account will then be allowed to delegate access to the LinkUp Data files hosted in S3 to the account’s users and roles.

 

If you do not know your AWS account ID, you can find it by referring to the following AWS provided documentation:
https://docs.aws.amazon.com/IAM/latest/UserGuide/console_account-alias.html#FindingYourAWSId

 

AWS Role for S3 Access

LinkUp Support will provision an AWS role in LinkUp's AWS account using the AWS account ID for your organization that you provided. That AWS role will be used by your organization to delegate access to the LinkUp Data files hosted in S3 that your organization is licensed to access.

 

The following is an example of what the role name will look like:
arn:aws:iam::123456789123:role/S3-LinkUp_Data_Client-Example_Company_Name

 

AWS IAM Policy to Grant Access to LinkUp Data Files in S3

Once you have your organization's role name, you will need one of your AWS administrators to create a policy that will allow users or roles to assume the LinkUp provided role.

 

To create the policy from the AWS console:

1. From the Services menu select IAM.
2. From the left menu under Access Management select Policies.
3. Click the Create Policy button.
4. For Service search for and select STS.
5. For Actions expand the Write section under Access Level.
6. Check the box for AssumeRole.
7. Under resources ensure that Specific is selected.
8. Then for Role click Add ARN to restrict access.
9. For Specify ARN for Role enter the role provided to your organization by LinkUp.
10. Click the Add button.
11. Click the Review policy button.
12. Give the policy a name.  Your organization might have a preferred way to name policies.  If you don’t, a possible name could be STS-assume_LinkUp_Data_S3_access_role_policy.
13. Add a policy description if you want.
14. Click the Create Policy button.

 

Now that the policy is created, you can attach it to AWS IAM users, groups, or roles.

 

Attach the AWS IAM Policy to Grant Access to LinkUp Data Files in S3 to an IAM user

To attach the policy to a user:

1. From the left menu under Access Management select Users.
2. Click on the name of the user you want to attach the policy to.
3. Under the Permissions tab click the Add permissions button.
4. Click Attach Existing Policies Directly.
5. Check the box next to the policy you created earlier.
6. Click the Next: Review button.
7. Click the Add permission button.

 

Attach the AWS IAM Policy to Grant Access to LinkUp Data Files in S3 to an IAM group

To attach the policy to a group:

1. From the left menu under Access Management select Groups.
2. Click on the name of the group you want to attach the policy to.
3. Under the Permissions tab click the Attach Policy button.
4. Check the box next to the policy you created earlier.
5. Click the Attach Policy button.

 

Attach the AWS IAM Policy to Grant Access to LinkUp Data Files in S3 to an IAM role

To attach the policy to a group:

1. From the left menu under Access Management select Roles.
2. Click on the name of the role you want to attach the policy to.
3. Under the Permissions tab click the Attach Policy button.
4. Check the box next to the policy you created earlier.
5. Click the Attach Policy button.