Cloud storage (S3, GCP)

Terra allows you to connect an as a destination, to get all data dumped directly into a bucket of your choice.

Authentication

AWS

All AWS-based destinations follow the same authentication setup.

IAM User Access Key

The most basic way to allow Terra to write to your AWS resource is to with access limited to the resource you're trying to grant Terra access to. for access to the specific resource, (write access is generally the only one needed, unless specified otherwise)

Role-based access

In order to use role-based access, attach the following policy to your bucket:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::760292141147:role/EC2_Instance_Perms"
      },
      "Action": [
        "s3:GetObject",
        "s3:PutObject",
        "s3:DeleteObject"
      ],
      "Resource": "arn:aws:s3:::your-bucket-name/*"
    }
  ]
}

GCP

Data Structure

Versioned objects will be placed under the appropriate API version (in the screenshot above, this corresponds to 2022-03-16. Non versioned objects (e.g. authentication Events) will be placed in their appropriate event type folder, outside of the version folder

In all, every event will have as a parent folder the Event Type which it corresponds to, and will be saved with a unique name identifying it.

As shown above, the name will either be a concatenation of one of the below:

• For Data Events: the user ID & the start time of the period the event refers to

• For all other Event Types: the user ID & timestamp the event was generated at