AWS CloudTrail Setup Guide link
Follow our setup guide to connect AWS CloudTrail to Fivetran.
Prerequisiteslink
To connect AWS CloudTrail to Fivetran, you need:
- An S3 bucket set up to receive log files from CloudTrail (see Amazon's CloudTrail documentation for details)
- For private buckets, an AWS account with the ability to grant Fivetran permission to read from the bucket
Setup instructionslink
Find the External IDlink
Find the automatically-generated External ID in your connector setup form and make a note of it. You will need it to configure AWS to connect with Fivetran.
NOTE: The automatically-generated External ID is tied to your account. If you close and re-open the setup form, the ID will remain the same. You may wish to keep the tab open in the background while you configure your source for convenience, but closing it is also OK.
Create IAM policylink
Open the Amazon IAM console.
Go to Policies, then select Create policy.
Go to the JSON tab.
Copy the following policy and paste it in the JSON tab, replacing "{your-bucket-name}" with the name of your s3 bucket.
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "s3:Get*", "s3:List*" ], "Resource": "arn:aws:s3:::{your-bucket-name}/*" }, { "Effect": "Allow", "Action": [ "s3:Get*", "s3:List*" ], "Resource": "arn:aws:s3:::{your-bucket-name}" } ] }
Click Review policy.
Name the policy "Fivetran-cloudtrail-Access."
Click Create policy.
Create IAM role link
Go to Roles, then select Create role.
Select Another AWS account, then in the Account ID field, enter Fivetran's account ID,
834469178297
.Select Require external ID checkbox.
Enter the External ID you got from the Fivetran AWS CloudTrailsetup form.
Click Next: Permissions.
Select the policy "Fivetran-cloudtrail-Access" that you created earlier.
Click Next: Tags which is optional.
Click Next: Review.
Name your new role "Fivetran" and click Create role.
Select Fivetran, the role you just created.
Find the Role ARN and make a note of it. You will need it to fill in you Fivetran AWS CloudTrail setup form.
(Optional) Set permissions link
You can specify permissions for the Role ARN that you designate for Fivetran. Giving selective permissions to this role only allows Fivetran to sync what it has permissions to see.
Finish Fivetran configurationlink
- In the connector setup form, enter your chosen Destination schema name.
- Enter your Bucket name.
- Enter your Role ARN.
- (Optional) If you used a prefix when setting up the bucket for AWS Cloudtrail, enter the prefix.
- Click Save & Test. Fivetran will take it from here and sync your data from AWS CloudTrail.
Related articleslink
description Connector Overview
account_tree Schema Information
settings API Connector Configuration