Create an AWS connection to an Edge site

Important 

Choose an option below to explore the documentation for the latest user interface (UI) or the classic UI.

After you install an Edge site or are granted a Collibra Cloud site, you can create a connection to Amazon Web Services.

Before you begin

You have created and installed an Edge site.

Required permissions

Steps

  1. Open a site.
    1. On the main toolbar, click Products iconCogwheel icon Settings.
      The Settings page opens.
    2. In the tab pane, click Edge.
      The Sites tab opens and shows a table with an overview of your sites.
    3. In the table, click the name of the site whose status is Healthy.
      The site page opens.
  2. In the Connections section, click Create connection.
    The Create connection page appears.
  3. Enter the required information.
    FieldDescriptionRequired

    Connection settings

    This section contains the general settings of your connection.

    Name

    The name of the Edge AWS connection.

    		 Yes
    Description

    The description of the connection.

    		 No
    Connection provider

    The connection provider, which determines the available connection parameters.

    Select the AWS connection to connect to Amazon S3.

    		 Yes

    Connection parameters

    		This section contains the settings to connect to your data source.
    Authentication type

    The type of authentication you use. The possible values are IAM and EC2.

    Use type EC2 AWS if you want to connect to an AWS EC2 instance that is configured with role based authentication. For more details, go to Prepare S3 for Edge.

    		 Yes
    Access Key ID
    		The access key ID of the programmatic AWS user. Yes for IAM authentication type.
    Secret Access Key
    		The secret access key of the programmatic AWS user. Yes for IAM authentication type.
    Encryption options

    Select the type of encryption used to store the Secret Access Key.

    Default: To be encrypted by Edge management server.

    		 Yes for IAM authentication type.

    Additional parameters

    Your connection to AWS does not require any additional parameters.

    Delete the existing blank property.

    		 No
  4. Click Create.
    The connection is added to the Edge or Collibra Cloud site.
    The fields become read-only.

What's next

You can now add the S3 synchronization capability.

Available vaults

Tip 

You can use a vault to add your data source information to your Edge site connection.

Vaults are not available for Collibra Cloud site sites.
None
AWS Secrets Manager
Azure Key Vault
CyberArk Vault
Google Secret Manager
HashiCorp Vault
  

Before you begin

  • You either created and installed an Edge site or were granted a Collibra Cloud site.
  • You have added a vault to your Edge site.
    Note  Vaults are not supported on Collibra Cloud sites.
  • If your data source connection requires a file from your vault, the file must be encoded into Base64 and stored as a regular secret in your vault.

Required permissions

Steps

  1. Open a site.
    1. On the main toolbar, click Products iconCogwheel icon Settings.
      The Settings page opens.
    2. In the tab pane, click Edge.
      The Sites tab opens and shows a table with an overview of your sites.
    3. In the table, click the name of the site whose status is Healthy.
      The site page opens.
  2. In the Connections section, click Create connection.
    The Create connection page appears.
  3. Select the AWS connection to connect to Amazon S3.
  4. Enter the required information.
    FieldDescriptionRequired
    Name

    The name of the Edge or Collibra Cloud site AWS connection.

    		 Yes
    Description

    The description of the connection.

    		 No
    Vault The vault where you store your data source values. No
    Authentication type

    The type of authentication you use. The possible values are IAM and EC2.

    Use type EC2 AWS if you want to connect to an AWS EC2 instance that is configured with role based authentication. For more details, go to Prepare S3 for Edge.

    		 Yes
    Access Key ID

    The access key ID of the programmatic AWS user.

    To use your vault, do the following:
    1. In the Value Type field, select Vault Key.
    2. Enter the query value to identify the secret in your vault.
      Example 
    To use your vault, do the following:
    1. In the Value Type field, select Vault Key.
    2. Enter the required information:
      NameDescription
      Secret Engine Type

      Select one of the following:

      • Key Value
      • Database
      Engine PathThe engine path to your vault where the value is stored.
      Secret PathThe secret path to your vault where the value is stored.
      Field

      The name of the field to your vault where the value is stored.

      Note Only available if you selected Key Value in the Secret Engine Type field.

      Role

      The role specified in the Database engine.

      Note Only available if you selected Database in the Secret Engine Type field.

      Example 
    To use your vault, do the following:
    1. In the Value Type field, select Vault Key.
    2. Enter the required information:
      NameDescription
      Vault NameThe name of your Azure Key Vault in your Azure Key Vault service where the value is stored.
      Secret NameThe name of the secret in your vault where the value is stored.
      Example 
    To use your vault, do the following:
    1. In the Value Type field, select Vault Key.
    2. Enter the required information:
      NameDescription
      Secret NameThe name of the secret in your vault where the value is stored.
      Field

      If the secret stored in your AWS Secrets Manager is a JSON value, for example {"pass1": "my-password", "pass2": "my-password2"}, then you need to specify the Field to point to the exact JSON value that should be used. For example, Secret Name: edge-db-customer; Field: pass.

      Note If the secret stored in your AWS Secrets Manager is a plain string value, for example my-password, then you do not need to specify the Field.

      Example 
    To use your vault, do the following:
    1. In the Value Type field, select Vault Key.
    2. Enter the name of the secret in your vault where the value is stored.
      Example 
    		 Yes for IAM authentication type.
    Secret Access Key

    The secret access key of the programmatic AWS user.

    To use your vault, do the following:
    1. In the Value Type field, select Vault Key.
    2. Enter the query value to identify the secret in your vault.
      Example 
    To use your vault, do the following:
    1. In the Value Type field, select Vault Key.
    2. Enter the required information:
      NameDescription
      Secret Engine Type

      Select one of the following:

      • Key Value
      • Database
      Engine PathThe engine path to your vault where the value is stored.
      Secret PathThe secret path to your vault where the value is stored.
      Field

      The name of the field to your vault where the value is stored.

      Note Only available if you selected Key Value in the Secret Engine Type field.

      Role

      The role specified in the Database engine.

      Note Only available if you selected Database in the Secret Engine Type field.

      Example 
    To use your vault, do the following:
    1. In the Value Type field, select Vault Key.
    2. Enter the required information:
      NameDescription
      Vault NameThe name of your Azure Key Vault in your Azure Key Vault service where the value is stored.
      Secret NameThe name of the secret in your vault where the value is stored.
      Example 
    To use your vault, do the following:
    1. In the Value Type field, select Vault Key.
    2. Enter the required information:
      NameDescription
      Secret NameThe name of the secret in your vault where the value is stored.
      Field

      If the secret stored in your AWS Secrets Manager is a JSON value, for example {"pass1": "my-password", "pass2": "my-password2"}, then you need to specify the Field to point to the exact JSON value that should be used. For example, Secret Name: edge-db-customer; Field: pass.

      Note If the secret stored in your AWS Secrets Manager is a plain string value, for example my-password, then you do not need to specify the Field.

      Example 
    To use your vault, do the following:
    1. In the Value Type field, select Vault Key.
    2. Enter the name of the secret in your vault where the value is stored.
      Example 
    		 Yes for IAM authentication type.
  5. Click Create.
    The connection is added to the Edge or Collibra Cloud site.
    The fields become read-only.

What's next

You can now add the S3 synchronization capability.