Amazon CloudFront Setup Guide

Follow our setup guide to connect Amazon CloudFront to Fivetran.

Prerequisites

To connect Amazon CloudFront to Fivetran, you need:

• An S3 bucket containing files with supported file types and encodings
• An AWS account with the ability to grant Fivetran permission to read from the bucket

Setup instructions

Configure CloudFront logging

If you haven't already, configure CloudFront to store its log files in an S3 bucket according to Amazon's instructions.

Find External ID

In the connector setup form, find the automatically-generated External ID and make a note of it. You will need it to create an IAM role in AWS.

NOTE: The automatically-generated External ID is tied to your account. If you close and re-open the setup form, the ID will remain the same. You may wish to keep the tab open in the background while you configure your source for convenience, but closing it is also OK.

Create IAM policy

This step will allow Fivetran to access your S3 bucket.

1. Open your Amazon IAM console.

2. Go to Policies, then select Create policy.

   

3. Go to the JSON tab.

   

4. Copy the following policy and paste it in the JSON tab, replacing {your-bucket-name} with the name of the S3 bucket where you store CloudFront logs.

   {
   "Version": "2012-10-17",
   "Statement": [
       {
         "Effect": "Allow",
         "Action": [
   "s3:Get*",
   "s3:List*"
         ],
         "Resource": "arn:aws:s3:::{your-bucket-name}/*"
       },
       {
         "Effect": "Allow",
         "Action": [
   "s3:Get*",
   "s3:List*"
         ],
         "Resource": "arn:aws:s3:::{your-bucket-name}"
       }
     ]
   }
   

5. Click Review policy.

   

6. Name the policy "Fivetran-cloudfront-access".

   

7. Click Create policy.

Create IAM role

1. Go to Roles, then select Create role.

   

2. Select Another AWS account, then enter Fivetran's account ID, 834469178297, in the Account ID field. Select the Require external ID checkbox.

   

3. Enter the External ID you found in Step 2.

   

4. Click Next: Permissions.

5. Select the "Fivetran-cloudfront-access" policy that you created in Step 3.

   

6. Click Next: Tags, which is optional.

7. Click Next: Review.

8. Name your new role "Fivetran".

   

9. Click Create role.

10. Select the Fivetran role you just created.

    

11. Find the Role ARN and make a note of it. You will need it to configure Fivetran.

    

(Optional) Set permissions

You can specify permissions for the Role ARN that you designate for Fivetran. Giving selective permissions to this role will allow Fivetran to only sync what it has permissions to see.

Finish Fivetran configuration

1. In the connector setup form, enter your chosen Destination schema name.

2. Enter your S3 bucket.

3. Enter the Role ARN you found in Step 4.

4. (Optional) Enter your folder path.

5. Click Save & Test. Fivetran will take it from here and sync your CloudFront data from your AWS S3 bucket.

Related articles

description Connector Overview

settings API Connector Configuration

home Documentation Home