AWS Inventory Setup Guide

Follow our setup guide to connect AWS Inventory to Fivetran.

Prerequisites

To connect AWS Inventory to Fivetran, you need:

• An AWS account with Administrator privileges.
• An Amazon S3 bucket that is configured for AWS Inventory to put the files in.

NOTE: If you are using a private bucket, you need an AWS account that can grant Fivetran permission to read from the bucket.

Setup instructions

Begin Fivetran configuration

1. In the top right corner of your Fivetran Dashboard, click + Connector.

2. Select the AWS Inventory connector to launch the setup form.

3. Find the automatically-generated External ID and make a note of it. You will need it to configure AWS to connect with Fivetran.

NOTE: The External ID is tied to your account. If you close and re-open the setup form, the ID will not change. For convenience, you can keep the browser tab open in the background while you configure your source.

Create IAM policy

This step will allow Fivetran to access your EC2, ELB, S3, Config, CloudTrail, and IAM services.

1. Open the Amazon IAM console.

2. Go to Access management > Policies, and then select Create policy.

   

3. In the Create policy window, go to the JSON tab.

   

4. Copy the following policy and paste it in the JSON tab.

   {
      "Version": "2012-10-17",
      "Statement": [
          {
              "Sid": "VisualEditor0",
              "Effect": "Allow",
              "Action": [
                  "iam:GenerateCredentialReport",
                  "iam:GetPolicyVersion",
                  "iam:GetAccountPasswordPolicy",
                  "ec2:DescribeInstances",
                  "ec2:DescribeRegions",
                  "cloudtrail:GetTrailStatus",
                  "s3:Get*",
                  "iam:ListMFADevices",
                  "cloudtrail:GetEventSelectors",
                  "s3:List*",
                  "iam:ListVirtualMFADevices",
                  "elasticloadbalancing:DescribeLoadBalancers",
                  "kms:GetKeyRotationStatus",
                  "iam:ListAttachedUserPolicies",
                  "iam:GetCredentialReport",
                  "iam:ListAccessKeys",
                  "iam:ListPolicies",
                  "iam:ListEntitiesForPolicy",
                  "iam:ListUserPolicies",
                  "ec2:DescribeSecurityGroups",
                  "cloudtrail:DescribeTrails",
                  "ec2:DescribeImages",
                  "kms:ListKeys",
                  "iam:ListPolicyVersions",
                  "config:DescribeConfigurationRecorders",
                  "iam:ListGroupsForUser",
                  "ec2:DescribeVpcs",
                  "iam:ListAccountAliases",
                  "iam:ListUsers",
                  "iam:GetLoginProfile",
                  "iam:GetAccountSummary",
                  "route53:ListHostedZones",
                  "route53:ListResourceRecordSets"
              ],
              "Resource": "*"
          }
      ]
   }
   

5. Click Review policy.

6. Name the policy "fivetran-inventory."

   

7. Click Create policy.

Create IAM role

1. Go to Access management > Roles, and then select Create role.

   

2. In the Create role window, select Another AWS account, and then in the Account ID field, enter Fivetran's account ID, 834469178297.

   

3. In Options, select the Require external ID checkbox.

4. In the External ID field, enter the External ID you got from the Fivetran AWS Inventory setup form.

5. Click Next: Permissions.

   

6. Select the "fivetran-inventory" policy that you created in Step 2.

   

7. Click Next: Tags. Entering tags is optional, but you must click through the step.

8. Click Next: Review.

9. Name your new role "Fivetran" and then click Create role.

   

10. Select the Fivetran role that you just created.

    

11. In the Summary section, make a note of the Role ARN value. You will need it to fill in your Fivetran AWS Inventory setup form.

    

(Optional) Set permissions

You can specify permissions for the Role ARN that you designate for Fivetran. Grant selective permissions to this role to allow Fivetran to sync only what it has permissions to see.

Finish Fivetran configuration

1. Return to the browser tab with your Fivetran dashboard.

2. Enter the destination schema name of your choice.

3. Enter the Role ARN you found in Step 3.

4. Enter your Config Bucket Name.

5. Enter your Role ARN.

6. Enter the prefix if you used one when setting up the bucket for AWS Inventory.

7. Click Save & Test. Fivetran will take it from here and sync your AWS Inventory data.

Related articles

description Connector Overview

account_tree Schema Information

assignment Release Notes

settings API Connector Configuration

home Documentation Home