Amazon Web Services

Amazon Web Services (AWS) offer a variety of cloud-based services, including computing, storage, databases, and more. Unlike many other services, AWS products often go beyond data, providing additional functionality for users. Through Skuid’s DSTs, you can utilize this additional functionality within your Skuid pages.

In contrast to most other Skuid DSTs, AWS service requests are authenticated by AWS access keys, but the authentication provider creation process is mostly similar. These AWS access keys are associated with a certain set of permissions, but it is very possible to access multiple AWS services through one Skuid authentication provider.

Note

The AWS data source types are currently exclusive to Skuid Platform.

Configure an Amazon Authentication Provider

In Amazon

Before configuring data sources within Skuid, you’ll need to acquire a pair of credentials from AWS: an access key ID and secret access key.

If you are not the manager of your AWS services, follow along with Amazon’s steps for creating access keys with your IT administrator. You’ll need to do the following:

  • Create a new group and selecting the appropriate policies for that group
    • These should align with your intended Skuid use. Ensure your access policies match the services (S3, DynamoDB, or SNS) you’ll be using.
  • Create a new user in AWS Identity and Access Management (IAM) within the newly created group.
  • Retrieve the access credentials generated for that user:
    • The secret access is displayed once, immediately after the access key is generated, and cannot be found later. Be sure to copy it to a safe place.
  • Create a Skuid authentication provider using those credentials.

Note

The examples listed for the individual AWS products assume the user has full access, but Skuid adheres to any policies associated with the AWS access credentials provided to it.

In Skuid

Create an authentication provider

With your access credentials handy, you can now use them to configure a Skuid authentication provider that will work with all AWS data sources.

  1. Navigate to Configure > Data Sources > Authentication Providers.
  2. Click New Authentication Provider.
  3. Enter a name, such as AWSAuth.
  4. Under Authentication Method, select AWS: Access Keys.
  5. Enter your AWS Access Credentials:
    • AWS Access Key Id
    • AWS Secret Access Key
  6. Click Save.

Configure an Amazon Data Source

The creation process for each Amazon data source is similar for each service. Insert the appropriate data source type name where appropriate.

  1. Navigate to Configure > Data Sources > Data Sources..
  2. Click New Data Source.
  3. Select the data source type for the Amazon service.
  4. Enter an appropriate name for the service, such as AWS-ServiceName.
  5. Click Next Step.
  6. Select the authentication provider you configured in the Amazon authentication provider section.
  7. Configure your AWS Connection Details:
    • AWS Region: Select the region where the resources you want to work with within Skuid reside. See AWS documentation on regions for more information.
    • AWS API Version: The API version for this service (formatted as a date). For most use cases, you may leave this field blank as Skuid uses preferred default API versions.
  8. Click Save.

AWS Access Permissions

When using AWS APIs, it is best practice to utilize strict and well-defined IAM policies so users can only perform actions they have explicit access to.

Listed below are the permissions Skuid’s AWS data source types require to properly function. Use this list to better define your IAM roles.

DynamoDB

  • listTables
  • describeTable
  • scan
  • query
  • putItem
  • updateItem
  • deleteItem

Lex

Skuid utilizes both the LexRuntime and LexModelBuildingService SDKs.

  • postContent
  • getBot
  • getIntent

Polly

  • synthesizeSpeech

S3

  • listBuckets
  • listObjects
  • deleteObject
  • putObject
  • getObject

SNS

  • listTopics
  • listSubscriptionsByTopic
  • listSubscriptions
  • createTopic
  • deleteTopic
  • publish
  • subscribe
  • unsubscribe