The first step when helping a customer set-up AWS credentials is to ask their IT department if they have:
Keys for a user with TranslateFullAccess and AmazonS3FullAccess policies
An S3 bucket that user has access to
If the customer does not have a keys for a user with that information or a bucket. Someone from their IT department will have to do the following:
Create a new user
Search for IAM and select IAM.
Select Users, “Create User”
You do not need to select “Provide user access to the AWS Management Console”
Attach policies directly
AmazonTextractFullAccess (OCR Only)
AmazonTranscribeFullAccess (ASR only)
Now click Create User
Search for the user created in the previous step and select
Click Security credentials
Click “Create access key”
Select Third-party service, select Next
Name the key
Download .csv file this is your “AWS Access Key ID” and “AWS secret access key”. You will not be able to recreate the .csv
Create AWS data access ARN
Search for the user you created in “Create user” steps
Click into the user
Scroll down to Permissions policies
The ARN will be on the top right
Create S3 Bucket
Type in S3 in bar
Choose an AWS region
We reccommend US-EAST-1
Select a General purpose
Name the bucket
Unselect “block public access”
Disable Bucket versioning
(Optional) we recommend that you add a LILT tag, so that you can track your usage
Click create the bucket
Enter this bucket name into LILT’s Amazon credentials, and select the region the Bucket is assigned
Q: Which Amazon Translate actions do I need to include in the IAM policy?
A: Translate, S3 bucket
Q: Do specific resource types need to be indicated in the policy or the ARN?
A: Ideally yes, you would create a very specific IAM. Without specific resource types, someone could have more or less privileges than what you want on your AWS account.
Q: For the ARN, we need more information about what exactly is required. Is this for encryption?
A: No it is to access translate client, S3, and other resources needed for translation.
Q: What happens if we turn on the “Use Terminology” option? Will this create a terminology resource in AWS with our Lilt glossary/TB or the other way around (it will use custom terminology already uploaded to AWS)?
A: LILT will send the terminology from the data source to AWS, and the terminology will be used in AWS.