Insert Trust Relationship in AWS IAM Role
If you are using per-user authentication through an AWS IAM role, you must insert a trust relationship into the role so that the Alteryx Analytics Cloud can leverage it.
Prerequisites:
Nota
These steps should be performed by an AWS administrator.
Please acquire the following information:
Account ID: The AWS account identifier that the Alteryx Analytics Cloud should use for access.
Nota
This value is provided to you by Alteryx.
After it has been specified, this value is available for workspace administrators through the Admin console. See AWS Account Page.
External ID:The external identifier is set within the Alteryx Analytics Cloud. This value is available for workspace administrators through the Admin console. See AWS Account Page.
IAM role: The AWS IAM role that the Alteryx Analytics Cloud should use.
For more information on the AWS Principal options described below, please review https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_principal.html.
Steps:
Login to the AWS console.
Open the IAM role for use with the Alteryx Analytics Cloud.
Insert the following AWS policy snippet to define the trust relationship for this role:
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "AWS": "<aws_account_id>" }, "Action": "sts:AssumeRole", "Condition": { "StringLike": { "sts:ExternalId": [ "<external_id>" ] } } } ] }
where:
Setting
Description
<aws_account_id>
The AWS account identifier for the Alteryx Analytics Cloud
<external_id>
The external identifier generated by the Alteryx Analytics Cloud
Save the IAM role definition.
Nota
The AWS account ID value must be applied to every user profile that requires access through this IAM role. See User Profile Page.