Hightouch's AWS integration powers several features:
To start the process of connecting your AWS account to Hightouch, navigate to your Integration Settings. Under Cloud Providers, click Add Cloud Provider, and select Amazon Web Services.
Give your Credential a name, then select either Cross-Account Role or Access Key.
Cross-account roles are a mechanism provided by AWS to allow you to grant secure access to Hightouch without requiring that you hand over sensitive secrets like Secret Access Keys.
The Hightouch UI will display an Account ID and a randomly generated External ID, as shown below, which must be plugged into an IAM Role you create in your AWS account. Store these values for future reference.
Neither the Account ID nor the External ID are secrets, so don't worry about keeping them somewhere secure.
- From your AWS console, navigate to IAM > Roles and click Create Role.
- Under Select type of trusted entity, choose Another AWS account.
- Proceed to attach permissions to the role, choose a name, then create the role.
- The exact permission policies you attach depend on which Hightouch features you intend to use. Consult the documentation for those services for further guidance.
- Copy the Role ARN from AWS IAM and paste it into the Role ARN field in Hightouch. Click Create to complete the process.
For more information, read AWS's tutorial on delegating access cross-account using IAM Roles.
The Access Key access type allows you to configure Hightouch to use an IAM user by providing the user's Access Key ID and Secret Access Key.
If you need help generating these keys, consult the IAM article on this topic.
Once you have an Access Key ID and Secret Access Key, paste those values into the form and click Create.