You cannot make any changes to External Platform Integrations without having either an Administrator or an Editor with PII access in InOne. Refer to User Roles for further information.
The data export feature allows you to efficiently export large volumes of your Insider One event data directly to your AWS S3 bucket. This capability facilitates seamless analysis using analytics tools or enables you to store the data in your data warehouse for future analysis purposes.
In this guide, you will find answers to the following questions:
What do I need before the Amazon S3 integration?
To make the most of the Amazon S3 integration, you'll need two essential elements:
The designation of the S3 bucket where you intend to store your data.
Authorization for Insider One to write data into your designated bucket.
If you already have a bucket, you'll need to adjust the policy to allow Insider One to access it. This simple step ensures smooth collaboration.
What are the authentication settings and AWS credentials?
This authentication process creates a secret key and an access key ID. These credentials allow Insider One to authenticate as a user in your AWS account, granting the necessary permissions to write data to your bucket.
Create a new S3 bucket
Access the Amazon S3 console to establish a bucket for your application.
Once logged in, go to the "Storage & Content Delivery" category and click on S3. Alternatively, you can use the AWS services search box, look for S3, and select it from the search results.
Upon clicking, the Bucket page will appear.
Proceed to the next screen and select "Create Bucket." This action will prompt the display of the Create Bucket page.
You will be directed to configure your bucket by specifying a name and region.
Once you've provided this information, click on Create bucket. If the bucket creation is successful, a confirmation message will be shown in the snack bar at the top of the screen.
To read more about creating an S3 bucket, you can refer to Amazon's article.
Retrieve access keys
To retrieve your access key ID and secret access key, you must create an IAM user and an administrators group in AWS. For more details, you can refer to the Amazon's article.
Upon the creation of a new user, proceed to the user settings.
Click on Retrieve access keys to reveal the access key ID and secret access key.
Ensure these credentials are securely recorded or utilize the Download.csv button for safekeeping.
It is crucial to keep these details accessible, as you will be prompted to enter them into the InOne panel later during the integration process.
Create a policy
To create a policy for an S3 bucket, you can use the AWS Management Console.
Go to "Policies" in your AWS console.
Under "Policies," select "Get Started" and then click on Create Policy.
Create a policy to define permissions for your user within AWS.
When creating the policy, specify limited permissions that allow Insider One access to only the designated buckets.
Select Create Policy to save the policy.
It's important to carefully define the permissions in the policy to ensure that access to your S3 bucket is configured correctly and secure. The policy should follow the principle of least privilege, granting only the necessary permissions to users or processes.
These steps will allow you to add the necessary permissions so that the Insider One can only have limited access to the specified buckets.
This policy is crucial for the integration. Without the specified permissions, the integration will not pass a credentials check and won't be created.
Choose a name for your policy.
In the Policy Document section, input the provided code snippet. Be sure to replace "export-bucket-name" in the code with the actual name of your bucket.
Replace “your_bucket_name” in the JSON code with the name of the S3 bucket you created in the Create a new S3 bucket step.
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"s3:PutObject",
"s3:ListBucket"
],
"Resource": [
"arn:aws:s3:::{export-bucket-name}/*",
"arn:aws:s3:::{export-bucket-name}"
]
}
]
}.png)
If you already have a bucket and want to change its policy:
You can add a new policy to your user.
You can update your existing policy according to this policy.
It is highly suggested that you periodically review and update your S3 bucket policies to align with any changes in your security requirements or access patterns.
Attach a policy
After creating a new policy, navigate to Users and click on your specific user.
In the Permissions tab, click Add permissions >Attach Policies Directly > select the new policy you created.
You are now ready to link your AWS credentials to your Insider One account. Share your Authentication Credentials and integration details with the Insider One team.
How can I launch the Amazon S3 integration?
To initiate the integration process, it is essential to provide the following information accurately and completely to the Insider Integration team.
1. Navigate to the External Platform Integrations and create an Amazon S3 Integration.
2. On this page, you will fill in your:
AWS Access Key ID: Unique identifier for accessing your AWS resources.
AWS Secret Access Key: Secret key associated with the Access Key ID for secure authentication.
AWS Region: The region where your Amazon S3 bucket is located.
AWS Bucket Name: The name of your Amazon S3 bucket where data will be stored.
AWS Path Name: Specific folder or path within the bucket where data will be organized. It’s optional; if you don’t have a path, we are directing the main folder.
The file path must be a text string of valid characters that specifies the exact location of your data within the S3 bucket (e.g., folder/file-name.csv)
3. Click Save and Continue after you enter the necessary information.
4. Then, your credentials will be validated. If there is any problem, you will see a message at the top of the page explaining the authentication validation error details. For more details, you can refer to Amazon's article.
5. After your credentials are validated, you will be navigated to the Configure step to select one or more Events to trigger your integration in the tabs. 
6. After you select the first event type you want to trigger the data collection, you can see the events based on the type and select or deselect the ones you want to collect. You can also add other event types in the same section. 
7. The Event Parameter section will be enabled after you select an event. You can select your events' parameters through the dropdown that you want to send your destination (S3).
To select the journey event’s name parameter, you need to use journey_campaign_name as the event parameter's key.
8. You can select the additional attributes to be included in the data sent to the S3 platform. If you want to include additional attributes while sending the event data to your destination, you can add them here. For example, if you are sending an email open event, you can also select the email address to be sent to your destination. This way, you can understand which email address opened which email campaign.
9. In the Launch step, you can adjust your sync frequency and activate your campaign. Once the campaign is activated, you will see a CSV file in your specified bucket.
You will see an event on Insider One in the CSV file if an anonymous user has an event.
If a user is created and then deleted within the sync period, that user can still be seen in the CSV file.
When creating a new S3 integration or editing an existing one, Insider One performs an automated test to verify the integration's functionality by placing a test file in the specified S3 bucket.
If the provided AWS credentials lack the necessary permissions to delete objects, the test file cannot be removed and will remain in the bucket after the test.
This occurs only once during the activation of the S3 integration. If needed, you can manually delete the test file.
If your Amazon S3 integration encounters a Credential Error, the integration will pause automatically, and no new data will be delivered until the issue is resolved.
Once you fix the error, note that the file names might change. This happens because files will follow the current timestamp sequence from the moment the integration resumes.
What are the Amazon S3 integration details?
Integration Type
Event Export. This integration involves exporting event data.
File Format
{partner}{export_type}{integration_id}{start_date}{end_date}.csv
{partner}: Placeholder for the partner involved in the integration.
{export_type}: Indicates the type of export (e.g., events).
{integration_id}: Integration id
{start_date}: Start date of the exported data range (Unix Timestamp Format).
{end_date}: End date of the exported data range (Unix Timestamp Format).
The exported file will be in CSV (Comma-Separated Values) format. You can see an example file below:
Export Periods
Specify the intervals at which data will be exported.
Based on your reporting or analysis needs, you can choose export periods of 1, 2, 4, 6, 12, or 24 hours.
The Raw Export logs events based on their actual timestamp, regardless of when they are recorded in the User Content Database (UCD). In contrast, the S3 Export captures events within specific intervals, like the past hour, according to their UCD entry time. For example, the event counts displayed on the Metadata Analytics page represent all transmissions sent to UCD. Sending the same event 100 times results in only one entry in the database, but shows a transmission count of 100 on the page, while Raw Export will show only 1.
If an event was timestamped three days ago but sent today, it will appear in S3 Export, like the last hour, based on the current transmission timeframe.
How can I pause the Amazon S3 integration?
To pause the Amazon S3 integration,
Go to your Amazon S3 Integration’s Launch step.
Select the Activation Status as Paused and click the Save as Paused button.
