Overview
  • 27 May 2025


To connect Dataloop with your AWS environment, several integration methods are available, each offering a different balance of security, control, and ease of setup. The three most common types are Cross-Account, STS (Security Token Service), and Access Key integrations. Choosing the right method depends on your use case, security requirements, and operational preferences. Below is a breakdown of each integration type to help guide your implementation.

Who can create?

Only users with the Organization Admin or Owner roles are authorized to create integrations.


1. Cross-Account Integration

Security Level: ⭐⭐⭐⭐⭐ (High)

Cross-Account integration allows Dataloop to assume a role in your AWS account via AWS Identity and Access Management (IAM), without sharing long-term credentials. You configure a trust relationship that grants limited, controlled access to specific resources. We recommend selecting Cross-Account as the integration type. It is AWS’s most secure option and provides enhanced protection for your data.

🔑 Setup Includes:

  • An IAM Role in your AWS account.
  • A Trust Policy allowing the Dataloop AWS account to assume that role.
  • Use of an IAM Role ARN only — no need to share secrets.

✅ Best For:

  • Enterprise environments
  • Fine-grained access control
  • Auditable, temporary credentials
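
One way to review the Trust Policy from the setup above before handing over the Role ARN, as an added example (not Dataloop's or AWS's own code). The account ID `111122223333` and the External ID value are constructed placeholders, and the `sts:ExternalId` check follows AWS's general guidance for roles assumed by third parties; whether Dataloop's flow supplies an External ID is an assumption.

```python
import json

# Constructed sample data: 111122223333 is a placeholder for the Dataloop AWS
# account ID (not given on this page); use of sts:ExternalId is an assumption.
TRUSTED_ACCOUNT = "111122223333"
GOOD = json.loads("""{"Version": "2012-10-17", "Statement": [{
  "Effect": "Allow",
  "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
  "Action": "sts:AssumeRole",
  "Condition": {"StringEquals": {"sts:ExternalId": "constructed-external-id"}}}]}""")
WEAK = json.loads("""{"Version": "2012-10-17", "Statement": [{
  "Effect": "Allow", "Principal": {"AWS": "*"}, "Action": "sts:AssumeRole"}]}""")


def _as_list(value):
    """IAM fields may hold a string or a list; normalise to a list."""
    return [] if value is None else value if isinstance(value, list) else [value]


def _account_of(principal):
    """Account ID from a bare 12-digit ID or an IAM/STS ARN, else None."""
    if len(principal) == 12 and principal.isdigit():
        return principal
    parts = principal.split(":")
    return parts[4] if len(parts) >= 6 and parts[2] in ("iam", "sts") else None


def audit_trust_policy(policy, trusted_account=TRUSTED_ACCOUNT):
    """Return findings for every Allow statement that grants sts:AssumeRole."""
    findings = []
    for n, stmt in enumerate(_as_list(policy.get("Statement"))):
        actions = {a.lower() for a in _as_list(stmt.get("Action"))}
        if stmt.get("Effect") != "Allow" or not actions & {"sts:assumerole", "sts:*", "*"}:
            continue
        principal = stmt.get("Principal")
        by_type = principal if isinstance(principal, dict) else {"AWS": principal}
        extra = sorted(set(by_type) - {"AWS"})
        if extra:
            findings.append(f"statement {n}: unexpected principal types {extra}")
        for p in _as_list(by_type.get("AWS")):
            if p == "*":
                findings.append(f"statement {n}: wildcard principal")
            elif _account_of(p) != trusted_account:
                findings.append(f"statement {n}: principal {p} is outside {trusted_account}")
        equals = (stmt.get("Condition") or {}).get("StringEquals") or {}
        if "sts:externalid" not in {key.lower() for key in equals}:
            findings.append(f"statement {n}: no sts:ExternalId condition")
    return findings
```

`audit_trust_policy(GOOD)` returns an empty list, while `audit_trust_policy(WEAK)` reports the wildcard principal and the missing External ID condition.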

2. STS Integration

Security Level: ⭐⭐⭐☆☆ (Moderate)

AWS STS (Security Token Service) issues temporary credentials when a trusted client (Dataloop) assumes a role through an API call. This setup usually involves:

  • Supplying an Access Key, Secret Key, and Role ARN.
  • Dataloop using those credentials to call AWS STS, which returns short-lived tokens.

🔑 Setup Includes:

  • IAM User credentials (Access Key + Secret)
  • Target IAM Role with necessary permissions
  • Role ARN to be assumed using AssumeRole

✅ Best For:

  • Use cases requiring temporary, scoped access
  • Intermediate security setups
  • Scenarios where Cross-Account isn't feasible

3. Access Key Integration

Security Level: ⭐☆☆☆☆ (Low)

The simplest form of integration: long-term AWS credentials (Access Key ID and Secret Access Key) are provided directly to Dataloop. While easy to set up, it presents a higher risk if the credentials are mishandled.

🔑 Setup Includes:

  • IAM User with necessary permissions
  • Access Key ID
  • Secret Access Key

⚠️ Considerations:

  • Credentials are long-lived unless rotated manually.
  • Higher risk of unauthorized access if leaked.
  • Best used in non-production or isolated environments.

✅ Best For:

  • Quick testing or prototyping
  • Limited-scope or temporary environments