Skip to content

IAM setup

Jump to bottom Edit New page
Yali Sassoon edited this page Aug 9, 2013 · 6 revisions

Overview

This is a short guide explaining how to setup userse in [Identity and Access Management (IAM)] iam to:

  1. Install Snowplow on your AWS account
  2. Operate Snowplow
  3. Perform analytics on Snowplow data

IAMs gives you fine grained control over the level of permissions each user has in accessing your AWS account. It is wise to limit the permissions to each user to the minimum to enable them to do the job required, so that if those credentials are compromised, the hacker who gains access to them has limited access to your AWS account.

We recommend you create 2-3 security groups for two types of user related to your Snowplow implementation:

  1. [A security group for engineers that setup Snowplow] install-snowplow. These users require wide ranging permissions to your AWS account. For that reason, we recommend that these users credentials are created just before Snowplow setup, and deleted shortly afterwards.
  2. [A security group for operating Snowplow] operate-snowplow. The Snowplow data pipeline is orchestrated by two applications: EmrEtlRunner and StorageLoader: both these applications require Amazon security credentials. We recommend creating a single user for both these applications, and granting that user only the very limited set of permissions required by EmrEtlRunner and StorageLoader
  3. [A security group for data analysts crunching Snowplow data] crunch-snowplow-data. For analysts who are crunching data in a database (i.e. Amazon Redshift or PostgreSQL), no Amazon security credentials are required. (Access is managed via the database i.e. Redshift and PostgreSQL.) For an analyst crunching Snowplow data using EMR (reading data from S3), security credentials are required however.

Instructions on setting up each of the types of user can be found below:

  1. [Setup an IAM user to install Snowplow] install-Snowplow
  2. [Setup an IAM user to operate Snowplow (i.e. for EmrEtlRunner and StorageLoader)] operate-snowplow
  3. [Setup an IAM user to crunch Snowplow data in EMR] crunch-snowplow-data

Disclaimer: Snowplow Analytics Ltd will not be liable for any problems caused by the full or partial implementation of these instructions on your Amazon Web Services account. If in doubt, please consult an independent AWS security expert.

Home | About | Project | Setup Guide | Technical Docs | Copyright © 2012-2013 Snowplow Analytics Ltd

HOME > [SNOWPLOW SETUP GUIDE](Snowplow setup guide) > Common

1. Trackers
Tracker setup: choosing a tracker
Javascript tracker setup
iOS tracker setup

2. Collectors
Collectors setup: choosing a collector
Cloudfront collector setup
Clojure collector setup
SnowCannon (node.js) setup

3. ETL
ETL setup: choosing an ETL module
EmrEtlRunner setup
Hive ETL
Scalding / Cascading ETL

4. Storage
Storage setup: choosing a storage option
StorageLoader setup
S3 / Hive storage setup
Infobright setup

5. Analytics
Analytics setup
[Analysis using Hive](hive analytics setup)
Infobright based analytics
ChartIO analytics setup

COMMON
Troubleshooting
IAM Setup Guide

Ruby and RVM setup
[Hosted assets](Hosted assets)

Clone this wiki locally