Our main delivery mechanism is using AWS S3 or S3-compatible storage. We provide two options:
For all storage hosted by ID5 our data retention policy expires data after 90 days.
We support CSV, JSON and Parquet, compressed with gzip.
We require these permissions for verification purposes:
We require these permissions for uploading:
Our account ARN is: arn:aws:iam::243105029713:root
Our canonical ID is: b90fe88135ddb53ec153d1501c68b85f631bcaf82e579b3ba58a960cee8e4911
We can handle either an entire bucket, or a specific prefix.
An example policy where you can allow access for ID5 would be the following:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::243105029713:root"
},
"Action": [
"s3:GetObject",
"s3:PutObject",
"s3:DeleteObject"
],
"Resource": [
"arn:aws:s3:::bucket-name/some/prefix/*"
]
},
{
"Sid": "",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::243105029713:root"
},
"Action": [
"s3:ListBucket"
],
"Resource": [
"arn:aws:s3:::bucket-name"
],
"Condition": {
"StringLike": {
"s3:prefix": [
"some/prefix/*"
]
}
}
}
]
}
For s3-compatible services, we require that the client sends us:
For integration with GCP, we require that the client generates HMAC keys with equivalent access to the storage. This takes advantage of the interoperability layer that GCP provides.
Azure does not provide first party s3-compatibility, but there are several open-source services that re-expose the API as s3-compatible.