Setting up authentication

Start

Log into your Google Cloud account and follow the steps below.

Step 1: Create a service account

Source: (Google documentation)

1. In the console, go to the page.

2. Select your project.

3. In the Service account name field, enter a name. The console fills in the Service account ID field based on this name.

   • In the Service account description field, enter a description. For example, Service account for quickstart.

4. Click Create and continue.

5. To provide access to your project, grant the following role(s) to your service account: Project > Owner.

   • In the Select a role list, select a role.

   • For additional roles, click add Add another role and add each additional role.

   • Note: The Role field affects which resources your service account can access in your project. You can revoke these roles or grant additional roles later. In production environments, do not grant the Owner, Editor, or Viewer roles. Instead, grant a or that meets your needs.

6. Click Continue.

7. Click Done to finish creating the service account.

   • Do not close your browser window. You will use it in the next step.

Step 2: Create a service account key

Source: (Google documentation)

1. In the console, go to the page.

2. Select a project.

3. On the Service accounts page, click the email address of the service account that you want to create a key for.

4. Click the Keys tab.

5. Click the Add key drop-down menu, then select Create new key.

6. Select JSON as the Key type and click Create.

   • Clicking Create downloads a service account key file. After you download the key file, you cannot download it again.

   • The downloaded key has the following format, where PRIVATE_KEY is the private portion of the public/private key pair:

{
  "type": "service_account",
  "project_id": "PROJECT_ID",
  "private_key_id": "KEY_ID",
  "private_key": "-----BEGIN PRIVATE KEY-----\nPRIVATE_KEY\n-----END PRIVATE KEY-----\n",
  "client_email": "SERVICE_ACCOUNT_EMAIL",
  "client_id": "CLIENT_ID",
  "auth_uri": "https://accounts.google.com/o/oauth2/auth",
  "token_uri": "https://accounts.google.com/o/oauth2/token",
  "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
  "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/SERVICE_ACCOUNT_EMAIL"
}

Done!

You now have all of the necessary authentication set up for Dialogflow integrations.

Start

Log into your AWS account and follow the steps below.

Step 1: Create an IAM policy for DynamoDB

1. In the provided AWS documentation above, go to the section titled To use the JSON policy editor to create a policy. Complete steps 1 through 4.

3. Complete the remaining steps as directed. Note the name of this IAM policy for later steps.

You can now move on to applying this policy to an IAM user.

IAM Policy for Amazon DynamoDB

As of this writing (8/5/22), the sample IAM policy below defines the minimum necessary IAM user permissions needed for Fuse to perform all supported DynamoDB operations.

You can use and adapt this IAM policy for your DynamoDB integrations.

Prerequisites

Before using the below IAM policy, replace the placeholders in line 15 with your information as follows:

• {region}: Replace with one or more AWS regions where your solution exists. Example: us-east-1

• {account_id}: Replace with the one or more account IDs for your AWS accounts with DynamoDB solutions.

• {table-name}: Replace with one or more DynamoDB table names.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "FuseDynamoDBIntegration",
            "Effect": "Allow",
            "Action": [
                "dynamodb:DescribeTable",
                "dynamodb:ListTables",
                "dynamodb:PartiQLSelect",
                "dynamodb:PartiQLUpdate",
                "dynamodb:PartiQLInsert"
            ],
            "Resource": [
            	"arn:aws:dynamodb:{region}:{account_id}:table/{table_name}"
            ]
        }
    ]
}

Additional notes

• When entering for {region}, {account_id}, and {table-name} resources:

  • Wildcard(*) name references are allowed. Example: us-east-* for any US East region in AWS.

  • You can specify multiple resources in comma-delimited format. Example: us-east-1,us-east-2,eu-west-1

Step 2: Apply the IAM policy to an IAM user

Create a new IAM user

1. In the provided AWS documentation above, go to the section titled To create one or more IAM users (console). Complete steps 1-3.

2. In step 4, select the Programmatic access checkbox. Complete steps 4 and 5.

4. Complete the remaining steps through step 8.

You can now move on to creating an access key and secret key.

Add IAM policy to an existing user

1. In the provided AWS documentation above, go to the section titled Adding permissions by attaching policies directly to the user. Complete steps 1-3.

3. Complete the remaining steps through step 5.

You can now move on to creating an access key and secret key.

Step 3: Create an access key ID and secret access key for the IAM user

1. In the provided AWS documentation above, go to the section titled To create, modify, or delete another IAM user's access keys (console). Complete all steps (1-4).

2. Keep the access and secret key file in a secure location. Note that the secret access key can only be retrieved when the key is created.

Done!

You now have all of the necessary authentication set up for Amazon DynamoDB integrations.

Start

Log into your AWS account and follow the steps below.

Step 1: Create an IAM policy for S3 access

1. In the provided AWS documentation above, go to the section titled To use the JSON policy editor to create a policy. Complete steps 1 through 4.

3. Complete the remaining steps as directed. Note the name of this IAM policy for later steps.

You can now move on to applying this policy to an IAM user.

IAM Policy for AWS S3

As of this writing (8/5/22), the sample IAM policy below defines the minimum necessary IAM user permissions needed for Fuse to perform all supported S3 operations.

You can use and adapt this IAM policy for your S3 integrations.

Prerequisites

Before using the below IAM policy, replace the placeholders in lines 13 and 14 with the ARN(s) of your own S3 bucket(s):

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "FuseIntegrationS3Access0",
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:GetObject",
                "s3:ListBucket"
            ],
            "Resource": [
                "arn:aws:s3:::fuse*",
                "arn:aws:s3:::fuse*/*"
            ]
        },
        {
            "Sid": "FuseIntegrationS3Access1",
            "Effect": "Allow",
            "Action": "s3:ListAllMyBuckets",
            "Resource": "*"
        }
    ]
}

Step 2: Apply the IAM policy to an IAM user

Create a new IAM user

1. In the provided AWS documentation above, go to the section titled To create one or more IAM users (console). Complete steps 1-3.

2. In step 4, select the Programmatic access checkbox. Complete steps 4 and 5.

4. Complete the remaining steps through step 8.

You can now move on to creating an access key and secret key.

Add IAM policy to an existing user

1. In the provided AWS documentation above, go to the section titled Adding permissions by attaching policies directly to the user. Complete steps 1-3.

3. Complete the remaining steps through step 5.

You can now move on to creating an access key and secret key.

Step 3: Create an access key ID and secret access key for the IAM user

1. In the provided AWS documentation above, go to the section titled To create, modify, or delete another IAM user's access keys (console). Complete all steps (1-4).

2. Keep the access and secret key file in a secure location. Note that the secret access key can only be retrieved when the key is created.

Done!

You now have all of the necessary authentication set up for AWS S3 integrations.