Skip to main content

Push Data to AWS S3

Who gets this? Data Warehouse Push is currently only available in beta for Postscript brands on the Enterprise plan. To begin using Data Warehouse Push, please be sure to first contact your Customer Success Manager.

Data Warehouse Push allows Postscript to automatically send both historical and new data stored in-app, including clicks, order attribution, and more, to your designated data warehouse.

In this article, we'll walk you through the three steps for configuring your S3 destination.

IMPORTANT! Once complete, share the credentials with Postscript and we'll handle the rest.

Prerequisites

  • An active AWS account with access to Amazon S3 and IAM

Step 1: Create an S3 Bucket

  1. Log in to the AWS Console and navigate to Amazon S3.

  2. Select Create bucket.

  3. Choose a bucket name and an AWS Region.

  4. Configure any additional settings as needed (versioning, encryption, etc.) and select Create bucket.

Step 2: Create an IAM Policy

This policy is required regardless of whether you use an IAM User or IAM Role.

  1. In the AWS Console, navigate to IAM > Policies and select Create policy.

  2. Switch to the JSON tab and paste the policy below.

    1. Replace <YourBucketName> with the name of the bucket you just created.

  3. Select Next, name the policy (e.g. PostscriptS3Policy), and select Create policy.

{   "Version": "2012-10-17",   "Statement": [     {       "Sid": "ManageBucket",       "Effect": "Allow",       "Action": [         "s3:GetBucketCORS",         "s3:ListBucket",         "s3:GetBucketLocation",         "s3:GetBucketAcl",         "s3:GetBucketPolicy"       ],       "Resource": "arn:aws:s3:::<YourBucketName>"     },     {       "Sid": "ManageObjects",       "Effect": "Allow",       "Action": [         "s3:ReplicateObject",         "s3:PutObject",         "s3:GetObject",         "s3:GetObjectAcl",         "s3:PutObjectVersionAcl",         "s3:PutObjectAcl",         "s3:ListMultipartUploadParts"       ],       "Resource": "arn:aws:s3:::<YourBucketName>/*"     },     {       "Sid": "ListAllBuckets",       "Effect": "Allow",       "Action": "s3:ListAllMyBuckets",       "Resource": "*"     }   ] }

Step 3: Choose Your Authentication Method

Option A — IAM User (Access Keys)

Use this method if your organization prefers static credentials.

  1. In the AWS Console, navigate to IAM > Users and click Create user.

  2. Give the user a name (e.g. postscript-s3-user).

  3. On the Set permissions step, choose Attach policies directly and attach PostscriptS3Policy.

  4. Complete user creation.

  5. Go to the user's Security credentials tab and click Create access key.

  6. Choose Third-party service as the use case and create the key.

  7. Copy the Access Key ID and Secret Access Key — you won't be able to view the secret key again.

Proceed to Step 4A to share your credentials.

Option B — IAM Role (Recommended)

Use this method if your organization requires role-based access. Roles use temporary, rotating credentials and are considered an AWS security best practice for third-party integrations.

  1. In the AWS Console, navigate to IAM > Roles and click Create role.

  2. Under Trusted entity type, select AWS account, then select Another AWS account.

  3. Enter the following Account ID: 012922587834

  4. Check Require External ID and enter the following External ID: rivery:aws:extid:697bafb36e4d97ec6749c72d

  5. Click Next and attach PostscriptS3Policy.

  6. Name the role (e.g. PostscriptS3Role) and click Create role.

  7. Open the role and copy the Role ARN (e.g. arn:aws:iam::123456789012:role/PostscriptS3Role).

TIP! For connection stability, set the role's Maximum session duration to 12 hours (43200 seconds) in the role settings.

Proceed to Step 4B to share your credentials.

Step 4: Share Your Connection Details with Postscript

Step 4A — IAM User (Option A)

Field

Description

AWS Access Key ID

From the IAM user created above

AWS Secret Access Key

From the IAM user created above

AWS Region

The region your S3 bucket was created in (e.g. us-east-1)

Bucket Name

The name of the S3 bucket

Path / Prefix

(Optional) A folder path within the bucket (e.g. postscript/data/)

Step 4B — IAM Role (Option B)

Field

Description

Role ARN

The ARN of the IAM role created above

AWS Region

The region your S3 bucket was created in (e.g. us-east-1)

Bucket Name

The name of the S3 bucket

Path / Prefix

(Optional) A folder path within the bucket (e.g. postscript/data/)

Get Support

Have questions? Please feel free to reach out to our Support team at [email protected] or via live chat.

Need ongoing channel strategy guidance? Please fill out this form and we'll connect you to one of our certified partners.

Related Articles
Push Data to BigQuery
Push Data to Google Cloud Storage (GCS)
Push Data to Redshift
Push Data to Snowflake
Push Data to Azure Blob Storage
Did this answer your question?