Get Imply role ARN to grant access to AWS resources

info

Project-less regional API resources have been deprecated and will be removed by the end of September 2024.

You must include the project ID in the URL for all regional API calls in projects created after September 29, 2023. For example: https://ORGANIZATION_NAME.REGION.CLOUD_PROVIDER.api.imply.io/v1/projects/PROJECT_ID

Projects created before September 29, 2023 can continue to use project-less URLs until the end of September 2024. We strongly recommend updating your regional API calls to include the project ID prior to September 2024. See the API migration guide for more information.

When you create connections to an Amazon resource, such as MSK, Kinesis, or S3, you designate the Amazon Resource Name (ARN) of a role in your account with the permissions to access your data. Imply has a separate AWS IAM role that assumes your role in order for Polaris to access the data for ingestion. For Imply's role to assume your role, you designate the ARN of Imply's role as a principal in your role's trust policy.

For more information, see the AWS documentation on AssumeRole and trust policies.

See the following for details on required information to create connections:

• Ingest from Kafka and Amazon MSK
• Ingest from Amazon Kinesis
• Ingest from Amazon S3

Get Imply role details

When you create a connection to an AWS resource, Polaris provides an ARN of the Imply AWS IAM role that will assume the role you designate in the connection. To grant Imply access to your data, include this ARN with the AssumeRole permission in a trust policy attached to your role.

In addition, you also get an external ID that you can use in your trust policy to control role assumption. For more information and example trust policies, see Secure connections to AWS.

Sample request

The following example shows how to send a GET request to the /v1/projects/PROJECT_ID/connectionsMeta endpoint to get the Imply role details:

cURL

curl --location --request GET "https://ORGANIZATION_NAME.REGION.CLOUD_PROVIDER.api.imply.io/v1/projects/PROJECT_ID/connectionsMeta" \
--user ${POLARIS_API_KEY}:

Python

import requests

url = "https://ORGANIZATION_NAME.REGION.CLOUD_PROVIDER.api.imply.io/v1/projects/PROJECT_ID/connectionsMeta"

apikey = os.getenv("POLARIS_API_KEY")

payload={}
headers = {
  'Authorization': f'Basic {apikey}'
}

response = requests.request("GET", url, headers=headers, data=payload)

print(response.text)

Sample response

A successful request returns a 200 OK response and a response similar to the following example:

{
  "implyArn": "arn:aws:iam::012345678901:role/imply-cluster-3b538a72-844f-4a09-883d-xxxxxxxxxxxx",
  "externalId": "22e65534-d088-4858-8b1e-xxxxxxxxxxxx"
}

Learn more

See the following topics for more information:

• Secure connections to AWS
• Create a connection