AWS Setup for Snowplow Pipeline

To setup Snowplow, we need you to create a sub-account dedicated to Snowplow, then set up a user within this sub-account with the appropriate permissions (using an IAM policy) to set up the pipeline. The process for this is as follows:

Create sub-account

  1. From your main AWS account, set up an Organisation if you haven’t done so already.
  2. Create a member account (the sub-account) in that organization
  3. Sign out and sign into the new sub-account. Everything Snowplow-related will take place within this account from here in.

Set up Role and IAM permissions

  1. Access the IAM control panel within the sub-account
  2. Go to Access management > Roles and select Create role
  3. Select “Another AWS account”
    • Account ID: 793733611312
    • Require MFA: true
  4. Select the policy you created earlier
  5. Call the role “SnowplowAdmin” or similar

Once this role has been created please share the IAM role ARN (Amazon Resource Name) with us via Insights console.

Updated Policy List

"acm:*",
"apigateway:*",
"application-autoscaling:*",
"autoscaling:*",
"aws-marketplace:Subscribe",
"aws-marketplace:Unsubscribe",
"aws-marketplace:ViewSubscriptions",
"cloudformation:*",
"cloudfront:*",
"cloudwatch:*",
"dynamodb:*",
"ec2:*",
"es:*",
"elasticbeanstalk:*",
"elasticloadbalancing:*",
"elasticmapreduce:*",
"execute-api:*",
"events:*",
"iam:*",
"kinesis:*",
"lambda:*",
"logs:*",
"rds:*",
"redshift:*",
"s3:*",
"sns:*",
"ssm:*",
"support:*",
"route53:*",
"ecs:*",
"kms:List*",
"kms:DescribeKey",
"secretsmanager:CreateSecret",
"secretsmanager:TagResource",
"secretsmanager:DescribeSecret",
"secretsmanager:GetResourcePolicy",
"secretsmanager:PutSecretValue",
"secretsmanager:GetSecretValue"

For complete documentation from Amazon go here.