Getting started on Snowplow Insights

  1. Home
  2. Docs
  3. Getting started on Snowplow Insights
  4. Setup Snowplow Insights on AWS

Setup Snowplow Insights on AWS

To setup your Snowplow pipeline, we need you to create a sub-account dedicated to Snowplow, then set up a user within this sub-account with the appropriate permissions (using an IAM policy) to set up the pipeline. The process for this is as follows:

Create sub-account
  1. From your main AWS account, set up an Organisation if you haven’t done so already.
  2. Create a member account (the sub-account) in that organization
  3. Sign out and sign into the new sub-account. Everything Snowplow-related will take place within this account from here in.
  4. Follow these instructions to create a policy using the policy list below.
Set up Role and IAM permissions
  1. Access the IAM control panel within the sub-account
  2. Go to Access management > Roles and select Create role
  3. Select “Another AWS account”
    (Account ID: 793733611312 Require MFA: true)
  4. Select the policy you created earlier
  5. Call the role “SnowplowAdmin” or similar

Once this role has been created please share the IAM role ARN (Amazon Resource Name) with us via Insights console.

Policy List
"acm:*", "apigateway:*", "application-autoscaling:*", "autoscaling:*", "aws-marketplace:Subscribe", "aws-marketplace:Unsubscribe", "aws-marketplace:ViewSubscriptions", "cloudformation:*", "cloudfront:*", "cloudwatch:*", "dynamodb:*", "ec2:*", "es:*", "elasticbeanstalk:*", "elasticloadbalancing:*", "elasticmapreduce:*", "execute-api:*", "events:*", "iam:*", "kinesis:*", "lambda:*", "logs:*", "rds:*", "redshift:*", "s3:*", "sns:*", "ssm:*", "support:*", "route53:*", "ecs:*", "kms:List*", "kms:DescribeKey", "secretsmanager:CreateSecret", "secretsmanager:TagResource", "secretsmanager:DescribeSecret", "secretsmanager:GetResourcePolicy", "secretsmanager:PutSecretValue", "secretsmanager:GetSecretValue"

For complete documentation from Amazon go here.