Add external storage locations

Before you add an Amazon S3 bucket as an external storage location, you need the following information:

• The name of your Amazon S3 bucket. This is where Calabrio ONE exports your files.

• The access key and secret key of an IAM user who is assigned to a policy that has these permissions for your S3 bucket: ListBucket, GetBucketLocation, and PutObject. Calabrio ONE accesses your S3 bucket with this user’s keys.

  EXAMPLE   

  The following policy grants the required permissions. You can assign this IAM user to a similar policy.

  {

  “Version”: “<current policy language version>”,

  “Statement”: [

  {

  “Sid”: “Bucket”,

  “Effect”: “Allow”,

  “Action”: [

  “s3:ListBucket”,

  “s3:GetBucketLocation”

  ],

  “Resource”: [

  “arn:aws:s3:::<name of your S3 bucket>”

  ]

  },

  {

  “Sid”: “BucketContents”,

  “Effect”: “Allow”,

  “Action”: [

  “s3:PutObject”

  ],

  “Resource”: [

  “arn:aws:s3:::<name your S3 bucket>/*”

  ]

  }

  ]

  }

Add an Amazon S3 bucket as an external storage location

1. Select Create External Storage Location.

2. In the Name field, enter a unique name for the S3 bucket.

   NOTE   This name identifies the external storage location in Calabrio ONE. It can be different from the name of the S3 bucket.

3. From the Type drop-down list, select Amazon S3 (Immediate Access).

4. Configure the AWS Storage Configuration section as follows. The values for the fields listed below come from your organization's AWS instance. Find the values and enter them into each of the fields listed below in Calabrio ONE.

   NOTE   Refer to AWS documentation for more information on creating an IAM role or managing access keys for IAM users.

   Field	Description
   Use AWS IAM Role Assumption	Select this check box to show the Role ARN and External ID fields. Deselect this check box to show the IAM Access Key and IAM Secret Key fields.
   Bucket Name	Enter the name of the S3 bucket. This name is case-sensitive.
   Choose Region	Select the Amazon region where the S3 bucket is located.
   IAM Access Key	Enter the access key ID of the IAM user who is assigned to a policy that grants the permissions required to access the S3 bucket.
   IAM Secret Key	Enter the secret access key of the IAM user who is assigned to a policy that grants the permissions required to access the S3 bucket.
   Role ARN	The Amazon Resource Name (ARN) for the role in the customer's AWS account that grants access to the S3 bucket (or more generally, the AWS services) Calabrio ONE accesses. This role ARN should be in the standard AWS format: arn:aws:iam::<CUSTOMER_AWS_ACCOUNT_NUMBER:role/<ROLE_NAME>
   External ID	This ID comes from your organization's AWS configuration. An external ID is treated like a password for your organization's AWS account role. Your external ID, which you create in your AWS account under the ARN Role that is configured to provide access to your S3 bucket, can be any string of characters as long as it has a minimum of 2 characters and maximum of 550 characters. You must create your external ID in your AWS instance first, then you copy and paste the external ID in this text field in Calabrio ONE exactly as it appears in your AWS account. The external ID is a unique identifier in AWS used by Calabrio ONE when assuming the role in the customer's AWS account for cross-account role access. BEST PRACTICE   When you create this ID in AWS, use a naming convention that starts with an alphanumeric syntax that contains only hyphens. This is consistent with allowed values in Calabrio ONE.

5. Click Save.