AWS CloudTrail Setup Guide

Follow our setup guide to connect AWS CloudTrail to Fivetran.

Prerequisites

To connect AWS CloudTrail to Fivetran, you need:

• An S3 bucket set up to receive log files from CloudTrail (see Amazon's CloudTrail documentation for details)
• For private buckets, an AWS account with the ability to grant Fivetran permission to read from the bucket

Setup instructions

Find the External ID

Find the automatically-generated External ID in your connector setup form and make a note of it. You will need it to configure AWS to connect with Fivetran.

NOTE: The automatically-generated External ID is tied to your account. If you close and re-open the setup form, the ID will remain the same. You may wish to keep the tab open in the background while you configure your source for convenience, but closing it is also OK.

Create IAM policy

1. Open the Amazon IAM console.

2. Go to Policies, then select Create policy.

   

3. Go to the JSON tab.

   

4. Copy the following policy and paste it in the JSON tab, replacing "{your-bucket-name}" with the name of your s3 bucket.

   {
   "Version": "2012-10-17",
   "Statement": [
       {
         "Effect": "Allow",
         "Action": [
   "s3:Get*",
   "s3:List*"
         ],
         "Resource": "arn:aws:s3:::{your-bucket-name}/*"
       },
       {
         "Effect": "Allow",
         "Action": [
   "s3:Get*",
   "s3:List*"
         ],
         "Resource": "arn:aws:s3:::{your-bucket-name}"
       }
     ]
   }
   

5. Click Review policy.

6. Name the policy "Fivetran-cloudtrail-Access."

   

7. Click Create policy.

Create IAM role

1. Go to Roles, then select Create role.

   

2. Select Another AWS account, then in the Account ID field, enter Fivetran's account ID, 834469178297.

   

3. Select the Require external ID checkbox.

4. Enter the External ID you got from the Fivetran AWS CloudTrailsetup form.

5. Click Next: Permissions.

   

6. Select the policy "Fivetran-cloudtrail-Access" that you created earlier.

   

7. Click Next: Tags which is optional.

8. Click Next: Review.

9. Name your new role "Fivetran" and click Create role.

   

10. Select Fivetran, the role you just created.

    

11. Find the Role ARN and make a note of it. You will need it to fill in you Fivetran AWS CloudTrail setup form.

    

(Optional) Set permissions

You can specify permissions for the Role ARN that you designate for Fivetran. Giving selective permissions to this role only allows Fivetran to sync what it has permissions to see.

Finish Fivetran configuration

1. In the connector setup form, enter your chosen Destination schema name.
2. Enter your Bucket name.
3. Enter your Role ARN.
4. (Optional) If you used a prefix when setting up the bucket for AWS Cloudtrail, enter the prefix.
5. Click Save & Test. Fivetran will take it from here and sync your data from AWS CloudTrail.

Related articles

description Connector Overview

account_tree Schema Information

assignment Release Notes

settings API Connector Configuration

home Documentation Home