Create an AWS connection to an Edge or Collibra Cloud site

After you install an Edge site or are granted a Collibra Cloud site, you can create a connection to Amazon Web Services (AWS).

Do you use a vault?

You can use a vault to add your data source information to your Edge site connection.

Check the connection property table below to see which information is available for your vault.

Vaults are not available for Collibra Cloud sites.
No vault
AWS Secrets Manager
Azure Key Vault
CyberArk Vault
Google Secret Manager
HashiCorp Vault
  
To use your vault, do the following:
  1. In the Value Type field, select Vault Key.
  2. Enter the query value to identify the secret in your vault.
    Example 
    Note The Query must be a string containing the properties required to identify the secret. Each property must be separated by a semicolon (;). For example: Safe=<SafeName>;Folder=<FolderName>;Object=<ObjectName>

    If a property is a folder with sub-folders, use a backslash (\) to define the folder path. For example: Folder=Root\Top Secrets\More Secrets

    For more information about query formats and supported properties, go to the CyberArk Credential Provider documentation.

To use your vault, do the following:
  1. In the Value Type field, select Vault Key.
  2. Enter the required information:
    Secret Engine Type
    Select one of the following:
    • Key Value
    • Database
    Engine Path
    The engine path to your vault where the value is stored.
    Secret Path
    The secret path to your vault where the value is stored.
    Field
    If your Secret Engine Type is Key Value, enter the name of the field to your vault where the value is stored.
    Role
    If your Secret Engine Type is Database, enter the role specified in the Database engine.
    Example 

To use your vault, do the following:
  1. In the Value Type field, select Vault Key.
  2. Enter the required information:
    Vault Name
    The name of your Azure Key Vault in your Azure Key Vault service where the value is stored.
    Secret Name
    The name of the secret in your vault where the value is stored.
    Example 

To use your vault, do the following:
  1. In the Value Type field, select Vault Key.
  2. Enter the required information:
    Secret Name
    The name of the secret in your vault where the value is stored.
    Field
    If the secret stored in your AWS Secrets Manager is a JSON value, for example {"pass1": "my-password", "pass2": "my-password2"}, then you need to specify the Field to point to the exact JSON value that should be used. For example, Secret Name: edge-db-customer; Field: pass.
    Note If the secret stored in your AWS Secrets Manager is a plain string value, for example my-password, then you do not need to specify the Field.
    Example 

To use your vault, do the following:
  1. In the Value Type field, select Vault Key.
  2. Enter the name of the secret in your vault where the value is stored.
    Example 

Prerequisites

In your Collibra environment

  • You either created and installed an Edge site or were granted a Collibra Cloud site.
    Note 

    If you have defined an outbound (forward) proxy on your Edge site, the integration will take that configuration into account when connecting to the data source. The following proxies are supported for:

    • Path through (No authentication)
    • Path through (Basic authentication)
    • MITM (No authentication)
    • MITM (Basic authentication)
    • No proxy for noProxy hosts defined by Edge
  • You have added a vault to your Edge site.
  • You have a global role that has the Manage connections and capabilities global permission, for example, Edge integration engineer.

In your AWS environment

For details on AWS permissions, see Actions in AWS documentation.

  • Your IAM role or user must have the following AWS permissions in AWS IAM for inbound metadata synchronization:
    • datazone:ListDomains
    • datazone:ListProjects
    • datazone:SearchListings

Steps

  1. Open a site.
    1. On the main toolbar, click Products iconCogwheel icon Settings.
      The Settings page opens.
    2. In the tab pane, click Edge.
      The Sites tab opens and shows a table with an overview of your sites.
    3. In the table, click the name of the site whose status is Healthy.
      The site page opens.
  2. In the Connections section, click Create connection.
    The Create connection page appears.
  3. Select the AWS connection.
  4. Enter the required information.
    FieldDescriptionRequiredAvailable for Vaults?
    Name

    The name of the Edge or Collibra Cloud site AWS connection.

    		 Yes No
    Description

    The description of the connection.

    		 No No
    Vault The vault where you store your data source values. No No
    Authentication type

    The type of authentication you use. Only IAM authentication is supported for SageMaker Unified Studio.

    		Yes No
    Access Key ID

    The access key ID of the programmatic AWS user.

    		 Yes for IAM authentication type. Yes
    Secret Access Key

    The secret access key of the programmatic AWS user.

    		Yes for IAM authentication type. Yes
  5. Click Create.
    The connection is added to the Edge or Collibra Cloud site.
    The fields become read-only.

What's next?

You can now add the SageMaker Unified Studio data catalog capability to an Edge or Collibra Cloud site.