Overview
  • 01 May 2025


To connect Dataloop with your AWS environment, several integration methods are available, each offering a different balance of security, control, and ease of setup. The three most common types are Cross-Account, STS (Security Token Service), and Access Key integrations. Choosing the right method depends on your use case, security requirements, and operational preferences. Below is a breakdown of each integration type to help guide your implementation.


1. Cross-Account Integration

Security Level: ⭐⭐⭐⭐⭐ (High)

Cross-Account integration allows Dataloop to assume a role in your AWS account via AWS Identity and Access Management (IAM), without sharing long-term credentials. You configure a trust relationship that grants limited, controlled access to specific resources. We recommend selecting Cross-Account as the integration type. It is AWS’s most secure option and provides enhanced protection for your data.

🔑 Setup Includes:

  • An IAM Role in your AWS account.
  • A Trust Policy allowing the Dataloop AWS account to assume that role.
  • Use of an IAM Role ARN only — no need to share secrets.

✅ Best For:

  • Enterprise environments
  • Fine-grained access control
  • Auditable, temporary credentials
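
Before handing over the Role ARN, it is worth checking that the role's Trust Policy admits only the intended account. The following is an added example, not Dataloop's or AWS's own code: a small Python audit of a trust policy document. The account ID `111122223333`, the sample policies, and the function names are constructed placeholders, and the optional `sts:ExternalId` check assumes the integration supplies an external ID, which this page does not state.

```python
import re

# Constructed placeholder: the real Dataloop AWS account ID is not given on this page.
TRUSTED_ACCOUNT_ID = "111122223333"
ACCOUNT_RE = re.compile(r"^(?:arn:aws:iam::)?(\d{12})(?::.+)?$")

def as_list(value):
    return value if isinstance(value, list) else [value]

def audit_trust_policy(policy, trusted_account_id, require_external_id=False):
    """Return findings for a role trust policy; an empty list means it passed."""
    findings = []
    for i, stmt in enumerate(as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal", {})
        if principal == "*":  # shorthand for every principal
            principal = {"AWS": "*"}
        for kind, values in principal.items():
            for p in as_list(values):
                m = ACCOUNT_RE.match(p) if kind == "AWS" else None
                if p == "*":
                    findings.append(f"stmt {i}: wildcard principal, any AWS identity may assume the role")
                elif m is None:
                    findings.append(f"stmt {i}: unexpected principal {kind}={p}")
                elif m.group(1) != trusted_account_id:
                    findings.append(f"stmt {i}: principal belongs to untrusted account {m.group(1)}")
        for action in as_list(stmt.get("Action", [])):
            if action != "sts:AssumeRole":
                findings.append(f"stmt {i}: action {action} goes beyond sts:AssumeRole")
        # Optional: assumes the integration passes an external ID (not stated on the page).
        ext = stmt.get("Condition", {}).get("StringEquals", {}).get("sts:ExternalId")
        if require_external_id and not ext:
            findings.append(f"stmt {i}: no sts:ExternalId condition")
    return findings

# Constructed sample trust policies.
GOOD = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Principal": {"AWS": f"arn:aws:iam::{TRUSTED_ACCOUNT_ID}:root"},
    "Action": "sts:AssumeRole",
    "Condition": {"StringEquals": {"sts:ExternalId": "example-external-id"}}}]}
WEAK = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": {"AWS": "*"}, "Action": "sts:*"}]}

if __name__ == "__main__":
    for name, doc in (("GOOD", GOOD), ("WEAK", WEAK)):
        print(name, audit_trust_policy(doc, TRUSTED_ACCOUNT_ID, require_external_id=True))
```
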

2. STS Integration

Security Level: ⭐⭐⭐☆☆ (Moderate)

AWS STS (Security Token Service) provides temporary credentials by allowing a trusted client (Dataloop) to assume a role using API calls. This setup usually involves:

  • You supply an Access Key, Secret Key, and Role ARN.
  • Dataloop uses those credentials to call AWS STS, which returns short-lived tokens.

🔑 Setup Includes:

  • IAM User credentials (Access Key + Secret)
  • Target IAM Role with necessary permissions
  • Role ARN to be assumed using AssumeRole

✅ Best For:

  • Use cases requiring temporary, scoped access
  • Intermediate security setups
  • Scenarios where Cross-Account isn't feasible

3. Access Key Integration

Security Level: ⭐☆☆☆☆ (Low)

This is the simplest form of integration: long-term AWS credentials (Access Key ID and Secret Access Key) are provided directly to Dataloop. While easy to set up, it presents a higher risk if the credentials are mishandled.

🔑 Setup Includes:

  • IAM User with necessary permissions
  • Access Key ID
  • Secret Access Key

⚠️ Considerations:

  • Credentials are long-lived unless rotated manually.
  • Higher risk of unauthorized access if leaked.
  • Best used in non-production or isolated environments.

✅ Best For:

  • Quick testing or prototyping
  • Limited-scope or temporary environments