Monitor: What is it?

Faraday has a service called Monitor that will automate delivery on a schedule and push to this destination type (S3). If you're interested in having this process automated, talk to your Account Manager and we'll get this set up for your insights deliveries.

First, you can decide what method to use for this setup

  • Amazon S3 (your bucket or our bucket)

  • SFTP (your server or our server)

Amazon S3 - our bucket 

If you want Faraday to deliver to an S3 bucket that we control, just tell your CSM and we'll get it set up for you. We will let you know what the bucket name is and you can input an inline policy for your IAM user in the following manner (example showing if our bucket name was "acme_from_faraday"):

{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"s3:GetBucketLocation"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"s3:ListBucket"
],
"Resource": [
"arn:aws:s3:::acme_from_faraday"
]
},
{
"Effect": "Allow",
"Action": [
"s3:GetObject",
"s3:GetObjectAcl",
"s3:GetObjectVersion"
],
"Resource": [
"arn:aws:s3:::acme_from_faraday/*"
]
}
]
}

Amazon S3 - your bucket 

Let's assume you are Acme, Inc. and you own an Amazon S3 bucket called

s3://acme-faraday-interchange

Use the bucket policies below (there are two, you have to choose one) to grant access to Faraday's account id 113233973114 and service account deliver_s3 .
Once that is complete, we just need to know what region your bucket is in.

Note: you will not need to provide an AWS access key - you already gave us access via the service account.

Bucket policy for Faraday-only buckets

If this bucket is only going to be used by Faraday, use a bucket policy like this:

{
  "Version": "2012-10-17",
  "Id": "FaradayAccessToBucket",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::113233973114:user/deliver_s3"
      },
      "Action": [
        "s3:ListBucket"
      ],
      "Resource": [
        "arn:aws:s3:::acme-faraday-interchange"
      ]
    },
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::113233973114:user/deliver_s3"
      },
      "Action": [
        "s3:PutObject",
        "s3:PutObjectAcl"
      ],
      "Resource": "arn:aws:s3:::acme-faraday-interchange/*",
      "Condition": {
        "StringEquals": {
          "s3:x-amz-acl": "bucket-owner-full-control"
        }
      }
    },
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::113233973114:user/deliver_s3"
      },
      "Action": [
        "s3:GetObject",
        "s3:GetObjectAcl",
        "s3:GetObjectVersion"
      ],
      "Resource": "arn:aws:s3:::acme-faraday-interchange/*"
    }
  ]
}

Bucket policy for shared buckets

If you are giving us access to a bucket that is shared by other users/vendors/etc (for example, if you are using Snowflake), use a policy like this. As you can see, we restrict s3:ListBucket and other actions to our folder only: 

{
  "Version": "2012-10-17",
  "Id": "FaradayAccessToBucket",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::113233973114:user/deliver_s3"
      },
      "Action": [
        "s3:ListBucket"
      ],
      "Resource": [
        "arn:aws:s3:::acme-faraday-interchange"
      ],
      "Condition": {
        "StringLike": {
          "s3:prefix": [
            "faraday/*"
          ]
        }
      }
    },
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::113233973114:user/deliver_s3"
      },
      "Action": [
        "s3:PutObject",
        "s3:PutObjectAcl"
      ],
      "Resource": "arn:aws:s3:::acme-faraday-interchange/faraday/*",
      "Condition": {
        "StringEquals": {
          "s3:x-amz-acl": "bucket-owner-full-control"
        }
      }
    },
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::113233973114:user/deliver_s3"
      },
      "Action": [
        "s3:GetObject",
        "s3:GetObjectAcl",
        "s3:GetObjectVersion"
      ],
      "Resource": "arn:aws:s3:::acme-faraday-interchange/faraday/*"
    }
  ]
}

SFTP - our server

If you want Faraday to deliver to an SFTP server we control, and then you connect to it and download from there, just let your Account Manager know. Faraday will require your SSH public key in order to provision it with access to the S3 bucket on our server.

SFTP - your server

Create an SFTP user for us and give us write access to a folder where we will drop the files.

You will need our SSH public key - this is the preferred method:

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCvazv4Do/Md0OWYxkZBFiKgVDFsTptDdchYapqbvcmIo+0QtKRjQalypKXpKm1ZeBlqyvSg4wND9C05q5ojbsUnZYWuEot8YJf8z5w6CVpJwEDto+jEjjPiYnuO6lpmXkDJG4UGFIcDP2A+x/zB6Os14xLgWZ4MijbyPbV5m0I+JBVmYkjGT1RQIKxWIvilqEB5aChdgYUOIV1pkefR9Ztt5qhiX1HUKvQuGOvBp1880ycbJdaCzuDCQwipXdsM6WLLIRm4tHETE9nGw8kf3nwKzA2h+6eEpzQU7dj/Jfzpef9N1T/Q8PuEIwRp4ZhK2+Rn58eQUr/ftKmLNdqRhQxNrIrrGUt72xVi62G38qSoTXJMA3qq8Xo8H/9BcEumk1hK9C+UNV65mjyi0+ZdbcvIVfAYKszL1xpas486immPiq8EedC45C5eTmQf2jyB5er4D0Wh83otuUVo+drGayw96/lidlyGJ91nosSQfZaAokP+dFxagy6OM0kW+9YCe3gEM/qACuob3voRbiDltoYO+ybXxivbNtWgRJGktHD4KZZNZeFtleMqabusOgy22QRvLDfm6AJDLwTXoh4jWeohZR8O7xKVWhx+MVffzU14EPSRklZBDQBfY/3RgNUTO1cWYtfC7cCEGZUZCp0AuZ7DiYuNhflqYpNrHodkYfHyQ== Faraday outgoing SFTP

Sending credentials securely to Faraday:

Go to the Faraday app’s Destinations console, click Create destination at the top.

  1. Search for CSV on Amazon S3 as a Destination location, enter a descriptive name, and click Next.

  2. Enter your credentials here, and click Next.

    examples (yours may differ):

    • Whether to gzip: Yes/No

    • Client-provided AWS bucket: acme-faraday-interchange

    • Client-provided AWS region: us-east-1

    • Filename prefix with optional strfdate string (optional): Faraday_insights_%Y%m%d

    • Name of file to create (optional): (we will work with your suggestion)

    • Client-provided directory: from_faraday/ - (alternatively this can be included in the Filename prefix)

    • Whether to quote all fields with double quotes: Yes/No

    • Omit delivery ID (and fdysec) from filename: `filename` param MUST be specified in this case: Yes/No (but if "Yes" then you'll need to fill out the "Filename prefix" field)

      Note: for the last option, we normally send out deliveries in this format, which can be overridden:

      fdysec_delivery_e538f7s4.csv

      The thought is that perhaps you wanted something more descriptive - and you can!

  3. Under Finalize, click Create destination.

Did this answer your question?