Set up Managed Identity Authentication in Connections UI
Overview
Cinchy supports Managed Identity authentication for Azure Blob Storage to retrieve files from Cloud storage.
For further information, please see the Microsoft documentation on Authorize requests to Azure Storage.
Prerequisites
- Administrative access to Microsoft Azure.
- Delimited source connector availability in Cinchy.
Set up Azure authentication in Connections UI
Initiate App Registration
- Go to Azure Active Directory in the Azure Portal.
- Select App registrations from the left-hand management bar.
- Register a new application and select Accounts in this organizational directory only for the account type.
Generate Client Secret
- Under the app registration, navigate to Certificates & Secrets.
- Create a new client secret. Copy the secret value for later use.
caution
The secret value only appears once. If you don't save the value, you must recreate a new client secret
Record Application and Tenant IDs
- Go to the App Overview.
- Note the Application (client) ID and Directory (tenant) ID.
Granting Access to Azure Blob Storage
Navigate to the Storage Account
- Access the Azure Portal and go to your storage account's Blob Storage container.
- If a container doesn't exist, you must create one.
Assign the Appropriate Role
- Inside the container settings, click on Access Control (IAM) on the left-hand menu.
- Select +Add and choose Add role assignment.
- Pick the Storage Blob Data Contributor role to allow the Cinchy integration to interact with storage.
Select the Cinchy Integration Application
- Keep the default User, group, or service principal for the type of access.
- Click on + Select members, search for, and select the previously created Cinchy integration application.
Review and Assign Access
- Click Review + assign to finalize the role assignment.
- The Cinchy application should now have the necessary permissions to access your Azure Blob Storage.
Configure Cinchy for Azure Blob Storage
Configure your connection
- In Cinchy Connections UI, set up a Delimited File (Azure).
Input Credentials
- Enter the
Tenant ID,Client Secret,Client ID, andStorage Service URLfrom Azure app registration.
Finalize Authentication
- Use these credentials to authenticate your Azure Blob Storage.
Set up Amazon authentication in Connections UI
Cinchy also supports Amazon S3 to retrieve files from cloud storage. This section details the steps to configure S3 as a source in the Cinchy platform.
For additional information, consult the AWS documentation on Amazon S3 authentication.
Prerequisites
- Administrative access to AWS.
- Delimited source connector availability in Cinchy.
Configuring S3 in AWS
Create or Select an S3 Bucket
- Log into the AWS Management Console.
- Navigate to the S3 service and either create a new bucket or select an existing one.
Obtain Access Credentials
- Go to the IAM (Identity and Access Management) service in the AWS Console.
- Create a new IAM user or select an existing one.
- Under the Security credentials tab, create a new Access Key ID and Secret Access Key.
- Copy the Access Key ID and Secret Access Key for later use.
caution
The Secret Access Key is only shown once. If you don't save it, you will need to generate a new one.
Assign Proper Permissions to the IAM User
- Ensure the IAM user has the required permissions to access the S3 bucket.
- Assign policies like
AmazonS3FullAccessor custom policies tailored to your security requirements.
Configure Cinchy for Amazon S3
Configure your connection
- In Connections UI, set up a file-based source.
Input S3 Credentials
- Enter the following details for S3 configuration:
Region: The AWS region of your S3 bucket.Bucket: The name of the S3 bucket.Filename: The name of the file in the S3 bucket.Auth Type: The authentication method used (typically 'AccessKey').Access Key ID: The IAM user's access key ID.Secret Access Key: The IAM user's secret access key.
Finalize Authentication
- Use these credentials to authenticate your Amazon S3 storage with Cinchy.