AWS S3
This article describes how to use the AWS S3 bucket to upload and manage files.
Storing large numbers of files in your S3 bucket may slow read times. We recommend regularly removing processed files from your S3 bucket to maintain efficient read times.
Credentials
You will need the following AWS credentials to configure the file service in the File Import configuration:
- Access Key
- Secret Key
- Bucket
Additionally, you can add a bucket prefix and region. For more information, see AWS: Manage access keys for IAM users.
Region
The Amazon S3 bucket and Tealium profile must be assigned to the same region to successfully import files.
Amazon S3 access configuration
If you use your company’s own Amazon S3 bucket for your file service (not the included Tealium S3 bucket), you need to allow Tealium access to the Amazon S3 bucket before processing any files.
Amazon bucket policies
Use the AWS Policy Generator and the Amazon S3 console to add a new bucket policy. The Amazon S3 bucket policies control access to buckets from specific virtual private cloud (VPC) endpoints.
For more information about AWS bucket policies, see the following articles in the AWS documentation:
- Adding a bucket policy by using the Amazon S3 console
- Controlling access from VPC endpoints with bucket policies
Use the following configuration details to allow Tealium access to the Amazon S3 bucket used in your file import data source.
{
  "Version": "YYYY-MM-DD", // Policy language version date, for example "2012-10-17".
  "Id": "VPCe and SourceIP",
  "Statement": [{
    "Sid": "VPCe and SourceIP",
    "Effect": "Deny",
    "Principal": "*",
    "Action": "s3:*",
    "Resource": [
      "arn:aws:s3:::name",
      "arn:aws:s3:::name/*"
    ],
    "Condition": {
      "StringNotEquals": {
        "aws:SourceVpce": [
          "vpce-0e9f123ab6789" // Replace this value with the vpcEndpointId that is trying to access your S3 bucket. You can find this ID in CloudTrail logs.
        ]
      },
      "NotIpAddress": {
        "aws:SourceIp": [
          // (Optional) To help diagnose potential connection problems, ask your Tealium Customer Service Manager
          // for the Tealium Office VPN IP Address(es) and add them below. The following addresses are examples only.
          "54.206.4.11",
          "54.150.228.144"
        ]
      }
    }
  }]
}
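The following added example (not Tealium's or AWS's code) models how the two negated conditions of this Deny statement combine, so you can check which requests the policy blocks before you apply it. It is a simplified model that covers only these two operators; the request contexts and the second endpoint ID are constructed.

```python
import ipaddress

# Condition block in the shape of the policy above. The endpoint ID and IP
# addresses are the page's example values, not real allow-list entries.
POLICY = {"Statement": [{
    "Effect": "Deny",
    "Condition": {
        "StringNotEquals": {"aws:SourceVpce": ["vpce-0e9f123ab6789"]},
        "NotIpAddress": {"aws:SourceIp": ["54.206.4.11", "54.150.228.144"]},
    },
}]}

def _lookup(context, key):
    """Fetch a request-context value; condition key names are case-insensitive."""
    return next((v for k, v in context.items() if k.lower() == key.lower()), None)

def _negated_match(operator, allowed, actual):
    """True when the value is NOT listed, or the key is missing from the request."""
    allowed = [allowed] if isinstance(allowed, str) else allowed
    if actual is None:
        return True
    if operator == "StringNotEquals":
        return actual not in allowed
    if operator == "NotIpAddress":
        addr = ipaddress.ip_address(actual)
        return not any(addr in ipaddress.ip_network(n, strict=False) for n in allowed)
    raise ValueError(f"operator not modelled: {operator}")

def is_denied(policy, context):
    """Return True if a Deny statement's conditions all match the request."""
    for stmt in policy["Statement"]:
        # Operators and keys are ANDed: one non-matching condition lifts the Deny.
        if stmt["Effect"] == "Deny" and all(
                _negated_match(op, values, _lookup(context, key))
                for op, keys in stmt["Condition"].items()
                for key, values in keys.items()):
            return True
    return False

# Constructed request contexts. Requests through a VPC endpoint carry
# aws:SourceVpce and no aws:SourceIp; direct requests carry only aws:SourceIp.
REQUESTS = {
    "allowed endpoint": {"aws:SourceVpce": "vpce-0e9f123ab6789"},
    "listed IP": {"aws:SourceIp": "54.206.4.11"},
    "other endpoint": {"aws:SourceVpce": "vpce-0000000000example"},
    "other IP": {"aws:SourceIp": "203.0.113.10"},
}

print({name: is_denied(POLICY, ctx) for name, ctx in REQUESTS.items()})
```

Because the statement's Principal is `*`, a denied context is denied for every caller, including your own administrators working from an unlisted address.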
VPCe addresses to allow
Ensure that you allow both the VPCe for us-west-1 and the VPCe for your profile region.
To find your profile region, navigate to the server-side admin menu and select Server-Side Settings > Region. After you locate your region, select the corresponding VPCe from Tealium IP addresses to allow.
Use Amazon CLI to upload files to an empty S3 Bucket
When an S3 bucket is first created, it’s empty. If you try to access an empty S3 bucket, the following message may be displayed:
Failure to read attributes of ACCOUNT-PROFILE
Before uploading any CSV files, use the following aws s3api command to upload a file into the empty bucket:
aws s3api put-object --bucket <bucket> --key <key> --body <body>
- The bucket value is the region domain in the format collect-REGION.tealium.com.
- The key value specifies the filename you want to assign to the file, including the file prefix.
- The body value specifies the file location on the local system.
For example:
aws s3api put-object --bucket collect-us-east-1.tealium.com \
--key bulk-downloader/ACCOUNT-PROFILE/test_fileimp_01.csv \
--body ./test_fileimp_01.csv
For more information, see AWS Command Line Interface (CLI): How to Connect to Your S3 Bucket and Other Common Commands.
This page was last updated: September 19, 2024