Setting up the correct access to your S3 bucket

If you already export Kissmetrics, Segment (or your own data) to a S3 bucket, we can access data directly from that bucket.

For this, our preferred option is for you to grant access to your S3 bucket to a MadKudu IAM role. To do this, you should add a bucket policy like the following:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::203796963081:role/madkudu-external-read"
            },
            "Action": [
                "s3:ListBucket"
            ],
            "Resource": [
                "arn:aws:s3:::[bucket_name]"
            ]
        },
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::203796963081:role/madkudu-external-read"
            },
            "Action": [
                "s3:GetObject"
            ],
            "Resource": [
                "arn:aws:s3:::[bucket_name]/*"
            ]
        }
    ]
}

(where [bucket_name] is replaced by the name of your bucket).

Once done, please let us know the name and region of your bucket.

NOTE: If all of this sounds like gibberish, please forward it directly to your favorite developer :)

Encryption

If your data in S3 is encrypted server-side, you might need to add a policy to let us use the encryption key. Please contact us at support@madkudu.com if that is the case.

Did this answer your question?