Storing data in your cloud

Hightouch stores your query results in an encrypted Amazon S3 bucket. If you would like more control over your data, you can host a S3 bucket in your own cloud.

1. Create your S3 bucket

In AWS, create your S3 bucket. We recommend the name <company>-hightouch

Make sure to:

  • Block all public access to the bucket

  • Enable Amazon S3 key encryption (SSE-S3)

  • Disable bucket versioning

2. Grant Hightouch access to your Bucket

Contact the Hightouch team to get your unique IAM user.

Hightouch will connect to your bucket via a unique IAM user. Contact the Hightouch team to get the ARN for this user.

Once you have the ARN, grant it access via the following policy

{
"Version":"2012-10-17",
"Statement":[
{
"Effect":"Allow",
"Principal": {
"AWS": "<HIGHTOUCH IAM USER>"
},
"Action":[
"s3:ListBucket"
],
"Resource":"arn:aws:s3:::<YOUR BUCKET NAME>"
},
{
"Effect":"Allow",
"Principal": {
"AWS": "<HIGHTOUCH IAM USER>"
},
"Action":[
"s3:PutObject",
"s3:GetObject"
],
"Resource":"arn:aws:s3:::<YOUR BUCKET NAME>/*"
}
]
}

You can create the policy in the AWS console

3. Configure your bucket in Hightouch

Access the configuration settings in the "Security" tab at https://app.hightouch.io/settings.

Once you save your settings, your new syncs will automatically start using your bucket. Run a sync to test it out!

‚Äč