Decide what method to use

  • SFTP (your server or our server)
  • Amazon S3 (your bucket or our bucket)

SFTP - our server

If you want Faraday to deliver to an SFTP server we control, and then you connect to it and download from there, just let your CSM know.

SFTP - your server

Create an SFTP user for us and give us write access to a folder where we will drop the files.
Enter our login details at https://app.faraday.io/settings/integrations. Do not email us the details - use this link.
Here is our SSH public key - this is the preferred method: 

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCvazv4Do/Md0OWYxkZBFiKgVDFsTptDdchYapqbvcmIo+0QtKRjQalypKXpKm1ZeBlqyvSg4wND9C05q5ojbsUnZYWuEot8YJf8z5w6CVpJwEDto+jEjjPiYnuO6lpmXkDJG4UGFIcDP2A+x/zB6Os14xLgWZ4MijbyPbV5m0I+JBVmYkjGT1RQIKxWIvilqEB5aChdgYUOIV1pkefR9Ztt5qhiX1HUKvQuGOvBp1880ycbJdaCzuDCQwipXdsM6WLLIRm4tHETE9nGw8kf3nwKzA2h+6eEpzQU7dj/Jfzpef9N1T/Q8PuEIwRp4ZhK2+Rn58eQUr/ftKmLNdqRhQxNrIrrGUt72xVi62G38qSoTXJMA3qq8Xo8H/9BcEumk1hK9C+UNV65mjyi0+ZdbcvIVfAYKszL1xpas486immPiq8EedC45C5eTmQf2jyB5er4D0Wh83otuUVo+drGayw96/lidlyGJ91nosSQfZaAokP+dFxagy6OM0kW+9YCe3gEM/qACuob3voRbiDltoYO+ybXxivbNtWgRJGktHD4KZZNZeFtleMqabusOgy22QRvLDfm6AJDLwTXoh4jWeohZR8O7xKVWhx+MVffzU14EPSRklZBDQBfY/3RgNUTO1cWYtfC7cCEGZUZCp0AuZ7DiYuNhflqYpNrHodkYfHyQ== Faraday outgoing SFTP

Amazon S3 - our bucket 

If you want Faraday to deliver to an S3 bucket that we control, just tell your CSM and we'll get it set up for you. We will let you know what the bucket name is and you can input an inline policy for your IAM user in the following manner (example showing if our bucket name was "acme_from_faraday"):

{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:GetBucketLocation"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"s3:ListBucket"
],
"Resource": [
"arn:aws:s3:::acme_from_faraday"
]
},
{
"Effect": "Allow",
"Action": [
"s3:GetObject",
"s3:GetObjectAcl",
"s3:GetObjectVersion"
],
"Resource": [
"arn:aws:s3:::acme_from_faraday/*"
]
}
]
}

Amazon S3 - your bucket 

Let's assume you are Acme, Inc. and you own an Amazon S3 bucket called

s3://acme-faraday-interchange

Use the bucket policies below (there are 2, you have to choose one) to grant access to Faraday's account id 113233973114 and service account deliver_s3 .
Once you're done, tell us what region your bucket is in via https://app.faraday.io/settings/integrations. Don't provide an AWS access key, you already gave us access via the service account.

Bucket policy for Faraday-only buckets

If this bucket is only going to be used by Faraday, use a bucket policy like this:

{
  "Version": "2012-10-17",
  "Id": "FaradayAccessToBucket",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::113233973114:user/deliver_s3"
      },
      "Action": [
        "s3:ListBucket"
      ],
      "Resource": [
        "arn:aws:s3:::acme-faraday-interchange"
      ]
    },
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::113233973114:user/deliver_s3"
      },
      "Action": [
        "s3:PutObject",
        "s3:PutObjectAcl"
      ],
      "Resource": "arn:aws:s3:::acme-faraday-interchange/*",
      "Condition": {
        "StringEquals": {
          "s3:x-amz-acl": "bucket-owner-full-control"
        }
      }
    },
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::113233973114:user/deliver_s3"
      },
      "Action": [
        "s3:GetObject",
        "s3:GetObjectAcl",
        "s3:GetObjectVersion"
      ],
      "Resource": "arn:aws:s3:::acme-faraday-interchange/*"
    }
  ]
}

Bucket policy for shared buckets

If you are giving us access to a bucket that is shared by other users/vendors/etc (for example, if you are using Snowflake), use a policy like this. As you can see, we restrict s3:ListBucket and other actions to our folder only: 

{
  "Version": "2012-10-17",
  "Id": "FaradayAccessToBucket",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::113233973114:user/deliver_s3"
      },
      "Action": [
        "s3:ListBucket"
      ],
      "Resource": [
        "arn:aws:s3:::acme-faraday-interchange"
      ],
      "Condition": {
        "StringLike": {
          "s3:prefix": [
            "faraday/*"
          ]
        }
      }
    },
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::113233973114:user/deliver_s3"
      },
      "Action": [
        "s3:PutObject",
        "s3:PutObjectAcl"
      ],
      "Resource": "arn:aws:s3:::acme-faraday-interchange/faraday/*",
      "Condition": {
        "StringEquals": {
          "s3:x-amz-acl": "bucket-owner-full-control"
        }
      }
    },
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::113233973114:user/deliver_s3"
      },
      "Action": [
        "s3:GetObject",
        "s3:GetObjectAcl",
        "s3:GetObjectVersion"
      ],
      "Resource": "arn:aws:s3:::acme-faraday-interchange/faraday/*"
    }
  ]
}
Did this answer your question?