Set up a project in Amazon S3

You can automatically export your raw user data to an Amazon Web Services (AWS) S3 bucket with Adjust's cloud storage uploads. There are two options for authentication:

  • IAM user-based authentication
  • IAM role-based authentication

To set up cloud storage uploads to your Amazon S3 bucket, you’ll need:

  • Bucket name
  • Access key ID and Secret access key (For IAM user based authentication)
  • IAM role ARN (For IAM role based authentication)

Set up your S3 bucket

  1. In the AWS Management Console, create a dedicated S3 bucket to store your exported data.
  2. Make a note of the bucket name: You'll need it to configure permissions and connect it to your app in Adjust Suite > AppView > Data Management > Cloud storage upload.
  3. Choose your authentication method:

Option A: IAM user-based authentication

  1. Create a new IAM user

    • Give the user programmatic access.
    • Use this user only for accessing the S3 bucket created for data export.
  2. Copy the Access Key ID and Secret Access Key, and store them safely. You’ll need these to connect the bucket in the Adjust dashboard.

  3. Attach an inline policy to the IAM user with the following permissions:

    • Follow the steps under "To embed an inline policy for a user (console)" in the AWS documentation.
    • Select the JSON tab and paste the policy below, replacing YOUR-BUCKET-NAME-HERE with your actual bucket name:
{
 "Version": "2012-10-17",
 "Statement": [
   {
     "Effect": "Allow",
     "Action": ["s3:GetBucketLocation", "s3:ListBucket"],
     "Resource": ["arn:aws:s3:::YOUR-BUCKET-NAME-HERE"]
   },
   {
     "Effect": "Allow",
     "Action": ["s3:PutObject"],
     "Resource": ["arn:aws:s3:::YOUR-BUCKET-NAME-HERE/*"]
   }
 ]
}
Important:
Replace YOUR-BUCKET-NAME-HERE with your bucket name.

Option B: IAM role-based authentication

  1. Create a new IAM policy:
    • In the AWS Management Console, navigate to IAM > Policies.
    • Select Create policy.
    • Switch to the JSON tab and paste the following policy. Be sure to replace YOUR-BUCKET-NAME-HERE with the name of your S3 bucket.
{
 "Version": "2012-10-17",
 "Statement": [
   {
     "Effect": "Allow",
     "Action": ["s3:GetBucketLocation", "s3:ListBucket"],
     "Resource": ["arn:aws:s3:::YOUR-BUCKET-NAME-HERE"]
   },
   {
     "Effect": "Allow",
     "Action": ["s3:PutObject"],
     "Resource": ["arn:aws:s3:::YOUR-BUCKET-NAME-HERE/*"]
   }
 ]
}
Important:
Replace YOUR-BUCKET-NAME-HERE with your bucket name.
  1. Create a new IAM role: Next, create an IAM role that Adjust can assume to access your bucket.
    • In the AWS Management Console, navigate to IAM > Roles.
    • Select Create role.
    • For the trusted entity type, choose Custom trust policy.
    • In the Custom trust policy text box, paste the following JSON. This policy establishes a trust relationship with Adjust's AWS account.
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::555456986421:user/adjust-s3-csv-uploader"
            },
            "Action": [
                "sts:TagSession",
                "sts:AssumeRole"
            ]
        }
    ]
}
  1. Configure permissions:

    • Select Next.
    • On the Add permissions page, search for and select the IAM policy you created in the previous step (e.g., adjust-s3-access-policy).
    • Select Next.
    • Give the role a descriptive name (e.g., adjust-s3-access-role).
    • Review the details and select Create role.
  2. Copy the Role ARN: Once the role is created, you will need its Amazon Resource Name (ARN) to complete the setup in the Adjust dashboard.