Amazon S3 Integration

Amazon S3 is a highly scalable storage system offered by Amazon Web Services. Braze has two different integration strategies with Amazon S3 - one for Braze Currents and one for all Dashboard data exports (CSV exports, Engagement Reports, etc.) Both integrations support two different authentication/authorization methods:

Follow the instructions on this page to get started with your AWS S3 integration. If you already have an S3 bucket, we still recommend creating a new bucket specifically for Braze so you can limit permissions.

  1. To create a bucket for your app, open the Amazon S3 console and follow the instructions to Sign in or Create an Account with AWS.
  2. Once signed in, select “S3” from the “Storage & Content Delivery” category.
  3. Select “Create Bucket” on the next screen and you”ll be prompted to create your bucket and select a region.

AWS Secret Key auth method

This authentication method generates a Secret Key and an Access Key ID that enables Braze to authenticate as a user on your AWS account for the purposes of writing data to your bucket.

Step 1 - Create User

To retrieve your Access Key ID and Secret Access Key, you’ll need to create an IAM User and Administrators Group in AWS.

Step 2 - Get Credentials

Once a user has been created, click “Show User Security Credentials” so your Access Key ID and Secret Access Key will be revealed. Next, either note these credentials somewhere, or click the blue “Download Credentials” button as you will need to input these into the Braze dashboard later on.

Secret Key

Step 3 - Create Policy

Now, navigate to the Policies tab in the navigation bar and select “Get Started” then “Create Policy”. This will allow you to add permissions for your user. Select “Create Your Own Policy”. This will give limited permissions so we only have the ability to access the bucket that you specify.

Policy

Input the code below when creating your own policy. (Note that there are different policies required for “Currents” vs. “Dashboard Data Export”.) Specify a “Policy Name” of your choice, and input the code below into the “Policy Document” section. Be sure to replace INSERTBUCKETNAME with your own bucket name.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": ["s3:GetBucketLocation"],
            "Resource": ["arn:aws:s3:::INSERTBUCKETNAME"]
        },
        {
            "Effect": "Allow",
            "Action": ["s3:PutObject", "s3:ListObject"],
            "Resource": ["arn:aws:s3:::INSERTBUCKETNAME*", "arn:aws:s3:::INSERTBUCKETNAME/", "arn:aws:s3:::INSERTBUCKETNAME"]
        }
    ]
}
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": ["s3:ListBucket", "s3:GetBucketLocation"],
            "Resource": ["arn:aws:s3:::INSERTBUCKETNAME"]
        },
        {
            "Effect": "Allow",
            "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
            "Resource": ["arn:aws:s3:::INSERTBUCKETNAME*", "arn:aws:s3:::INSERTBUCKETNAME/", "arn:aws:s3:::INSERTBUCKETNAME"]
        }
    ]
}

Step 4 - Attach Policy

Once your policy has been created, navigate to “Users” and then click into your specifc user so you can attach this new policy. On the “Permissions” tab, click “Attach Policy”.

Attach User

Search for the new policy that you created and click to attach.

You are now ready to link your AWS credentials to your Braze account.

Step 5 - Link Braze to AWS

Navigate to the “Currents” page on the Braze Dashboard under the “Integrations” section, click the “Create Current” dropdown, and select “Amazon S3 Data Export”.

AWS Creds

Give your Current a name. Then, in the Credentials section, make sure the “AWS Secret Access Key” radio button is selected, then input your AWS Access ID, AWS Secret Access Key, and AWS S3 Bucket Name in the designated fields.

You can also add the following customizations, based on your needs:

  • Folder Path (defaults to currents)
  • AES-256 Encryption (defaults to OFF)

Click “Launch Current” to continue.

A notification will inform you whether your credentials have been successfully validated. AWS S3 should now be set up for Braze Currents.

Navigate to the “Technology Partners” page on the Braze Dashboard under the “Integrations” section and click on “Amazon S3”.

AWS Creds

On the AWS Credentials page, make sure the “AWS Secret Access Key” radio button is selected, then input your AWS Access ID, AWS Secret Access Key, and AWS S3 Bucket Name in the designated fields. When inputting your secret key, click “Test Credentials” first to ensure your credentials work, then “Save” once this is successful.

A notification will inform you whether your credentials have been successfully validated. AWS S3 should now be integrated into your Braze account.

AWS Role ARN auth method

This authentication method generates a Role ARN (Amazon Resource Name) that enables Braze’s Amazon account to authenticate as a member of the Role you created for the purposes of writing data to your bucket.

Step 1 - Create Policy

To get started, navigate to the IAM section of the AWS Console, click “Policies” in the navigation bar and click “Create Policy”.

Role ARN

Open the “JSON” tab and input the code below into the “Policy Document” section. Be sure to replace INSERTBUCKETNAME with your own bucket name. Click “Review Policy” when you’re finished.

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": ["s3:GetBucketLocation"],
            "Resource": ["arn:aws:s3:::INSERTBUCKETNAME"]
        },
        {
            "Effect": "Allow",
            "Action": ["s3:PutObject", "s3:ListObject"],
            "Resource": ["arn:aws:s3:::INSERTBUCKETNAME/*"]
        }
    ]
}
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": ["s3:ListBucket", "s3:GetBucketLocation"],
            "Resource": ["arn:aws:s3:::INSERTBUCKETNAME"]
        },
        {
            "Effect": "Allow",
            "Action": ["s3:GetObject", "s3:PutObject", "s3:DeleteObject"],
            "Resource": ["arn:aws:s3:::INSERTBUCKETNAME/*"]
        }
    ]
}

Next, give the policy a name and a description and click “Create Policy”.

Role ARN

Role ARN

Step 2 - Create Role

Now, still within the IAM section of the AWS Console, click “Roles” in the navigation bar and click “Create Role”.

Role ARN

Retrieve your Braze Account ID and External ID from your Braze account.

Navigate to the “Currents” page in your Braze account under the “Integrations” section, click the “Create Current” dropdown, and select “Amazon S3 Data Export”.

AWS Creds

Navigate to the “Technology Partners” page in your Braze account under the “Integrations” section and click on “Amazon S3”.

AWS Creds

Back on the AWS Console, select “Another AWS Account” from the type of trusted entity selector. Enter the Braze Account ID, check “Require external ID”, and enter the Braze External ID. Click “Next” when complete.

Role ARN

Step 3 - Attach Policy

Next, attach the Policy you created earlier to the Role. Search for the policy in the search bar, and place a checkmark next to the policy to attach it. Click “Next” when complete.

Role ARN

Give the Role a name and a description, and click “Create Role”.

Role ARN

You should now see your newly created Role in the list.

Step 4 - Link to Braze AWS

Still on the AWS Console, find your newly created Role in the list. Click the name to open up the details of that Role.

Role ARN

Take note of the “Role ARN” at the top of the summary (click the icon to copy to the clipboard.)

Role ARN

Return to your Braze account and copy the Role ARN into the field provided.

Navigate to the “Currents” page in your Braze account under the “Integrations” section, click the “Create Current” dropdown, and select “Amazon S3 Data Export”.

AWS Creds

Give your Current a name. Then, in the Credentials section, make sure the “AWS Role ARN” radio button is selected, then input your Role ARN, and AWS S3 Bucket Name in the designated fields.

You can also add the following customizations, based on your needs:

  • Folder Path (defaults to currents)
  • AES-256 Encryption (defaults to OFF)

Click “Launch Current” to continue.

A notification will inform you whether your credentials have been successfully validated. AWS S3 should now be set up for Braze Currents.

Navigate to the “Technology Partners” page in your Braze account under the “Integrations” section and click on “Amazon S3”.

AWS Creds

On the AWS Credentials page, make sure the “AWS Role ARN” radio button is selected, then input your Role ARN, and AWS S3 Bucket Name in the designated fields. Click “Test Credentials” first to ensure your credentials work properly, then “Save” once this is successful.

A notification will inform you whether your credentials have been successfully validated. AWS S3 should now be integrated into your Braze account.

WAS THIS PAGE HELPFUL?
New Stuff!