Decide what method to use

  • SFTP (your server or our server)
  • Amazon S3 (your bucket or our bucket)

SFTP - our server

If you want Faraday to deliver to an SFTP server we control, and then you connect to it and download from there, just let your CSM know.

SFTP - your server

Create an SFTP user for us and give us write access to a folder where we will drop the files.
Enter our login details at https://app.faraday.io/settings/integrations. Do not email us the details - use this link.
Here is our SSH public key - this is the preferred method: 

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCvazv4Do/Md0OWYxkZBFiKgVDFsTptDdchYapqbvcmIo+0QtKRjQalypKXpKm1ZeBlqyvSg4wND9C05q5ojbsUnZYWuEot8YJf8z5w6CVpJwEDto+jEjjPiYnuO6lpmXkDJG4UGFIcDP2A+x/zB6Os14xLgWZ4MijbyPbV5m0I+JBVmYkjGT1RQIKxWIvilqEB5aChdgYUOIV1pkefR9Ztt5qhiX1HUKvQuGOvBp1880ycbJdaCzuDCQwipXdsM6WLLIRm4tHETE9nGw8kf3nwKzA2h+6eEpzQU7dj/Jfzpef9N1T/Q8PuEIwRp4ZhK2+Rn58eQUr/ftKmLNdqRhQxNrIrrGUt72xVi62G38qSoTXJMA3qq8Xo8H/9BcEumk1hK9C+UNV65mjyi0+ZdbcvIVfAYKszL1xpas486immPiq8EedC45C5eTmQf2jyB5er4D0Wh83otuUVo+drGayw96/lidlyGJ91nosSQfZaAokP+dFxagy6OM0kW+9YCe3gEM/qACuob3voRbiDltoYO+ybXxivbNtWgRJGktHD4KZZNZeFtleMqabusOgy22QRvLDfm6AJDLwTXoh4jWeohZR8O7xKVWhx+MVffzU14EPSRklZBDQBfY/3RgNUTO1cWYtfC7cCEGZUZCp0AuZ7DiYuNhflqYpNrHodkYfHyQ== Faraday outgoing SFTP

Amazon S3 - our bucket 

If you want Faraday to deliver to an S3 bucket that we control, just tell your CSM and we'll get it set up for you. 

Amazon S3 - your bucket 

Let's assume you are Acme, Inc. and you own an Amazon S3 bucket called

s3://acme-faraday-interchange

Use the bucket policies below (there are 2, you have to choose one) to grant access to Faraday's account id 113233973114 and service account deliver_s3 .
Once you're done, tell us what region your bucket is in via https://app.faraday.io/settings/integrations. Don't provide an AWS access key, you already gave us access via the service account.

Bucket policy for Faraday-only buckets

If this bucket is only going to be used by Faraday, use a bucket policy like this:

{
  "Version": "2012-10-17",
  "Id": "FaradayAccessToBucket",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::113233973114:user/deliver_s3"
      },
      "Action": [
        "s3:ListBucket"
      ],
      "Resource": [
        "arn:aws:s3:::acme-faraday-interchange"
      ]
    },
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::113233973114:user/deliver_s3"
      },
      "Action": [
        "s3:PutObject",
        "s3:PutObjectAcl"
      ],
      "Resource": "arn:aws:s3:::acme-faraday-interchange/*",
      "Condition": {
        "StringEquals": {
          "s3:x-amz-acl": "bucket-owner-full-control"
        }
      }
    },
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::113233973114:user/deliver_s3"
      },
      "Action": [
        "s3:GetObject",
        "s3:GetObjectAcl",
        "s3:GetObjectVersion"
      ],
      "Resource": "arn:aws:s3:::acme-faraday-interchange/*"
    }
  ]
}

Bucket policy for shared buckets

If you are giving us access to a bucket that is shared by other users/vendors/etc (for example, if you are using Snowflake), use a policy like this. As you can see, we restrict s3:ListBucket and other actions to our folder only: 

{
  "Version": "2012-10-17",
  "Id": "FaradayAccessToBucket",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::113233973114:user/deliver_s3"
      },
      "Action": [
        "s3:ListBucket"
      ],
      "Resource": [
        "arn:aws:s3:::acme-faraday-interchange"
      ],
      "Condition": {
        "StringLike": {
          "s3:prefix": [
            "faraday/*"
          ]
        }
      }
    },
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::113233973114:user/deliver_s3"
      },
      "Action": [
        "s3:PutObject",
        "s3:PutObjectAcl"
      ],
      "Resource": "arn:aws:s3:::acme-faraday-interchange/faraday/*",
      "Condition": {
        "StringEquals": {
          "s3:x-amz-acl": "bucket-owner-full-control"
        }
      }
    },
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::113233973114:user/deliver_s3"
      },
      "Action": [
        "s3:GetObject",
        "s3:GetObjectAcl",
        "s3:GetObjectVersion"
      ],
      "Resource": "arn:aws:s3:::acme-faraday-interchange/faraday/*"
    }
  ]
}
Did this answer your question?