Setting up authentication

Overview

All supported third-party services require some form of authentication to accept Fuse's external requests. In Fuse, this authentication information is used to create the integrations (see Add an Integration (Admin) for more information) that the Integration modules use to access your solutions.

This page describes how to set up authentication for all Fuse-supported third-party services.

NOTE: The following assumes that you have already created an appropriate account and working solution on one of Fuse's supported third-party services.

Authentication setup guides

Google Dialogflow

What you need to set up:

  1. A service account.

  2. A service account key.

Setup steps:

Follow the guided steps below to create a service account and a service account key.

Start

Log into your Google Cloud account and follow the steps below.

Step 1: Create a service account

Source: Create a service account and download the private key file (Google documentation)

  1. In the console, go to the Create service account page.

  2. Select your project.

  3. In the Service account name field, enter a name. The console fills in the Service account ID field based on this name.

    • In the Service account description field, enter a description. For example, Service account for quickstart.

  4. Click Create and continue.

  5. To provide access to your project, grant the following role(s) to your service account: Project > Owner.

    • In the Select a role list, select a role.

    • For additional roles, click Add another role and add each additional role.

    • Note: The Role field affects which resources your service account can access in your project. You can revoke these roles or grant additional roles later. In production environments, do not grant the Owner, Editor, or Viewer roles. Instead, grant a predefined role or custom role that meets your needs.

  6. Click Continue.

  7. Click Done to finish creating the service account.

    • Do not close your browser window. You will use it in the next step.

Step 2: Create a service account key

Source: Create a service account key, Console tab steps (Google documentation)

  1. In the console, go to the Service accounts page.

  2. Select a project.

  3. On the Service accounts page, click the email address of the service account that you want to create a key for.

  4. Click the Keys tab.

  5. Click the Add key drop-down menu, then select Create new key.

  6. Select JSON as the Key type and click Create.

    • Clicking Create downloads a service account key file. After you download the key file, you cannot download it again.

    • The downloaded key has the following format, where PRIVATE_KEY is the private portion of the public/private key pair:

Service account key format:
{
  "type": "service_account",
  "project_id": "PROJECT_ID",
  "private_key_id": "KEY_ID",
  "private_key": "-----BEGIN PRIVATE KEY-----\nPRIVATE_KEY\n-----END PRIVATE KEY-----\n",
  "client_email": "SERVICE_ACCOUNT_EMAIL",
  "client_id": "CLIENT_ID",
  "auth_uri": "https://accounts.google.com/o/oauth2/auth",
  "token_uri": "https://accounts.google.com/o/oauth2/token",
  "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
  "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/SERVICE_ACCOUNT_EMAIL"
}

Done!

You now have all of the necessary authentication set up for Dialogflow integrations.

All done?

You will use your service account key's JSON in Fuse when creating an integration for your Dialogflow agent. See Add an Integration (Admin) for more information.

IMPORTANT! Keep your service account key in a secure location as with any sensitive authentication information.
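
A local check for the downloaded key file before its JSON is pasted into Fuse, added here as an example (it is not Fuse or Google code): it confirms that the fields from the key format above are present and that the file is not accessible to other local users. The function name check_key_file and the 0600 file mode are assumptions of this example, and the mode check is meaningful on POSIX systems only.

```python
import json
import os
import stat
import sys

# Field names taken from the service account key format shown above.
REQUIRED_FIELDS = ("type", "project_id", "private_key_id", "private_key",
                   "client_email", "client_id", "token_uri")


def check_key_file(path):
    """Return a list of problems with a key file; never echoes the private key."""
    problems = []
    # Assumption of this example: only the file owner should be able to read the key.
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        problems.append(f"file mode {mode:04o} exposes the key to other users; use 0600")
    try:
        with open(path, encoding="utf-8") as fh:
            key = json.load(fh)
    except ValueError as exc:  # covers JSONDecodeError and invalid UTF-8
        return problems + [f"not valid JSON ({type(exc).__name__})"]
    if not isinstance(key, dict):
        return problems + ["top-level JSON value is not an object"]
    for name in REQUIRED_FIELDS:
        if not key.get(name):
            problems.append(f"missing or empty field: {name}")
    if key.get("type") != "service_account":
        problems.append("type is not 'service_account'")
    pem = key.get("private_key")
    if isinstance(pem, str) and pem and not pem.startswith("-----BEGIN PRIVATE KEY-----"):
        problems.append("private_key is not a PEM 'BEGIN PRIVATE KEY' block")
    return problems


if __name__ == "__main__":
    # Usage: python check_key.py /path/to/downloaded-key.json
    found = check_key_file(sys.argv[1])
    print("\n".join(found) if found else "key file looks well-formed")
    sys.exit(1 if found else 0)
```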

Amazon DynamoDB

What you need to set up:

  • An IAM user configured with

    1. programmatic access to AWS.

    2. an IAM policy that permits Fuse to perform all available DynamoDB operations.

    3. an access key ID and secret access key.

Setup steps:

Follow the guided steps below to create an IAM policy, user, and security credentials for DynamoDB.

Start

Log into your AWS account and follow the steps below.

Step 1: Create an IAM policy for DynamoDB

Source: Creating IAM policies (console) (AWS documentation)

  1. In the provided AWS documentation above, go to the section titled To use the JSON policy editor to create a policy. Complete steps 1 through 4.

  2. In step 5, paste or enter the sample IAM policy provided in the code block below. Replace the placeholders in line 15 with your information as described in the notes above the code block.

  3. Complete the remaining steps as directed. Note the name of this IAM policy for later steps.

You can now move on to applying this policy to an IAM user.

IAM Policy for Amazon DynamoDB

As of this writing (8/5/22), the sample IAM policy below defines the minimum IAM user permissions that Fuse needs to perform all supported DynamoDB operations.

You can use and adapt this IAM policy for your DynamoDB integrations.

Prerequisites

Before using the below IAM policy, replace the placeholders in line 15 with your information as follows:

  • {region}: Replace with one or more AWS regions where your solution exists. Example: us-east-1

  • {account_id}: Replace with one or more account IDs for your AWS accounts with DynamoDB solutions.

  • {table_name}: Replace with one or more DynamoDB table names.

IAM Policy: Amazon DynamoDB
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "FuseDynamoDBIntegration",
            "Effect": "Allow",
            "Action": [
                "dynamodb:DescribeTable",
                "dynamodb:ListTables",
                "dynamodb:PartiQLSelect",
                "dynamodb:PartiQLUpdate",
                "dynamodb:PartiQLInsert"
            ],
            "Resource": [
                "arn:aws:dynamodb:{region}:{account_id}:table/{table_name}"
            ]
        }
    ]
}

Additional notes

  • When entering values for the {region}, {account_id}, and {table_name} placeholders:

    • Wildcard (*) name references are allowed. Example: us-east-* for any US East region in AWS.

    • You can specify multiple resources in comma-delimited format. Example: us-east-1,us-east-2,eu-west-1
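
The placeholder substitution from the Prerequisites, as an added example that is not part of Fuse or AWS: it writes one ARN string per region, account and table combination into the Resource array and lists any entries that still contain a wildcard. The function names, the account ID 123456789012 and the table name orders are constructed for illustration.

```python
import itertools
import json
import re

ARN_TEMPLATE = "arn:aws:dynamodb:{region}:{account_id}:table/{table_name}"
ACTIONS = ["dynamodb:DescribeTable", "dynamodb:ListTables", "dynamodb:PartiQLSelect",
           "dynamodb:PartiQLUpdate", "dynamodb:PartiQLInsert"]
# Accepted shape of each value; "*" is permitted because the page allows wildcards.
PATTERNS = {
    "region": re.compile(r"[a-z0-9*-]+"),
    "account_id": re.compile(r"\d{12}|\*"),
    "table_name": re.compile(r"[A-Za-z0-9_.*-]{1,255}"),
}


def render_resources(regions, account_ids, table_names):
    """Return one ARN per (region, account, table) combination."""
    values = {"region": regions, "account_id": account_ids, "table_name": table_names}
    for field, items in values.items():
        if isinstance(items, str) or not items:
            raise ValueError(f"{field}: pass a non-empty list of values")
        for item in items:
            # Each item is a single value; leftover "{placeholder}" text is rejected.
            if not PATTERNS[field].fullmatch(item):
                raise ValueError(f"invalid {field}: {item!r}")
    combos = itertools.product(regions, account_ids, table_names)
    return [ARN_TEMPLATE.format(region=r, account_id=a, table_name=t) for r, a, t in combos]


def build_policy(resources):
    """The page's DynamoDB policy with the Resource array filled in."""
    statement = {"Sid": "FuseDynamoDBIntegration", "Effect": "Allow",
                 "Action": ACTIONS, "Resource": list(resources)}
    return {"Version": "2012-10-17", "Statement": [statement]}


def wildcard_resources(resources):
    """ARNs that match more than one table and deserve a second look."""
    return [arn for arn in resources if "*" in arn]


if __name__ == "__main__":
    # Constructed sample values, not real identifiers.
    arns = render_resources(["us-east-1", "eu-west-1"], ["123456789012"], ["orders"])
    print(json.dumps(build_policy(arns), indent=4))
    print("wildcards:", wildcard_resources(arns))
```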

Step 2: Apply the IAM policy to an IAM user

You can apply your IAM policy for DynamoDB to either a new IAM user or an existing one. If you have an existing, separate IAM user available for use with integrations, go to Add IAM policy to an existing user. Otherwise, begin at Create a new IAM user below.

Create a new IAM user

Source: Creating IAM users (console) (AWS documentation)

  1. In the provided AWS documentation above, go to the section titled To create one or more IAM users (console). Complete steps 1-3.

  2. In step 4, select the Programmatic access checkbox. Complete steps 4 and 5.

  3. In step 6, select the Attach existing policies directly option, and select the IAM policy that you created previously in Step 1: Create an IAM policy for DynamoDB.

  4. Complete the remaining steps through step 8.

You can now move on to creating an access key and secret key.

Add IAM policy to an existing user

Source: Adding permissions to a user (console) (AWS documentation)

  1. In the provided AWS documentation above, go to the section titled Adding permissions by attaching policies directly to the user. Complete steps 1-3.

  2. In step 4, select the IAM policy that you created previously in Step 1: Create an IAM policy for DynamoDB.

  3. Complete the remaining steps through step 5.

You can now move on to creating an access key and secret key.

Step 3: Create an access key ID and secret access key for the IAM user

Source: Managing access keys (console) (AWS documentation)

  1. In the provided AWS documentation above, go to the section titled To create, modify, or delete another IAM user's access keys (console). Complete all steps (1-4).

  2. Keep the access and secret key file in a secure location. Note that the secret access key can only be retrieved when the key is created.

Done!

You now have all of the necessary authentication set up for Amazon DynamoDB integrations.

All done?

You will use the access key and secret key in Fuse when creating any integration(s) for your DynamoDB table(s). See Add an Integration (Admin) for more information.

IMPORTANT! Keep your access and secret keys in a secure location as with any sensitive authentication information.

AWS S3

What you need to set up:

  • An IAM user configured with

    1. programmatic access to AWS.

    2. an IAM policy that permits Fuse to perform all available S3 operations.

    3. an access key ID and secret access key.

Setup steps:

Follow the guided steps below to create an IAM policy, user, and security credentials for AWS S3.

Start

Log into your AWS account and follow the steps below.

Step 1: Create an IAM policy for S3 access

Source: Creating IAM policies (console) (AWS documentation)

  1. In the provided AWS documentation above, go to the section titled To use the JSON policy editor to create a policy. Complete steps 1 through 4.

  2. In step 5, paste or enter the sample IAM policy provided in the code block below. Replace the placeholders in lines 13 and 14 with the ARN(s) of your own S3 bucket(s) as described in the notes below.

  3. Complete the remaining steps as directed. Note the name of this IAM policy for later steps.

You can now move on to applying this policy to an IAM user.

IAM Policy for AWS S3

As of this writing (8/5/22), the sample IAM policy below defines the minimum IAM user permissions that Fuse needs to perform all supported S3 operations.

You can use and adapt this IAM policy for your S3 integrations.

Prerequisites

Before using the below IAM policy, replace the placeholders in lines 13 and 14 with the ARN(s) of your own S3 bucket(s):

IAM Policy: AWS S3
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "FuseIntegrationS3Access0",
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:GetObject",
                "s3:ListBucket"
            ],
            "Resource": [
                "arn:aws:s3:::fuse*",
                "arn:aws:s3:::fuse*/*"
            ]
        },
        {
            "Sid": "FuseIntegrationS3Access1",
            "Effect": "Allow",
            "Action": "s3:ListAllMyBuckets",
            "Resource": "*"
        }
    ]
}
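
A pre-flight check for the edited policy JSON, covering both the S3 policy above and the DynamoDB policy earlier on this page (added example, not Fuse or AWS code): it reports placeholders that were never replaced, wildcard ARNs, and statements that apply to every resource. The name audit_policy is an assumption, and the two embedded policies are constructed copies of the page's samples.

```python
import re

PLACEHOLDER = re.compile(r"\{[A-Za-z_-]+\}")


def as_list(value):
    """IAM accepts a single item or a list for Statement, Action and Resource."""
    return [value] if isinstance(value, (str, dict)) else list(value)


def audit_policy(policy):
    """Return (sid, resource, finding) tuples for Allow statements to review."""
    findings = []
    for stmt in as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no Sid>")
        for res in as_list(stmt.get("Resource", [])):
            # "bucket/*" (all objects in one named bucket) is not a bucket wildcard.
            is_s3_objects = res.startswith("arn:aws:s3:::") and res.endswith("/*")
            scope = res[:-2] if is_s3_objects else res
            if PLACEHOLDER.search(res):
                findings.append((sid, res, "placeholder not replaced"))
            elif res == "*":
                actions = ", ".join(as_list(stmt.get("Action", [])))
                findings.append((sid, res, "every resource: " + actions))
            elif "*" in scope:
                findings.append((sid, res, "wildcard matches several resources"))
    return findings


# Constructed copies of this page's sample policies (DynamoDB actions shortened).
S3_SAMPLE = {"Version": "2012-10-17", "Statement": [
    {"Sid": "FuseIntegrationS3Access0", "Effect": "Allow",
     "Action": ["s3:PutObject", "s3:GetObject", "s3:ListBucket"],
     "Resource": ["arn:aws:s3:::fuse*", "arn:aws:s3:::fuse*/*"]},
    # s3:ListAllMyBuckets has no resource-level scoping, so "*" is expected here.
    {"Sid": "FuseIntegrationS3Access1", "Effect": "Allow",
     "Action": "s3:ListAllMyBuckets", "Resource": "*"}]}
DYNAMODB_TEMPLATE = {"Version": "2012-10-17", "Statement": [
    {"Sid": "FuseDynamoDBIntegration", "Effect": "Allow",
     "Action": ["dynamodb:DescribeTable", "dynamodb:ListTables"],
     "Resource": ["arn:aws:dynamodb:{region}:{account_id}:table/{table_name}"]}]}

if __name__ == "__main__":
    for name, doc in (("S3", S3_SAMPLE), ("DynamoDB", DYNAMODB_TEMPLATE)):
        for finding in audit_policy(doc):
            print(name, *finding, sep=" | ")
```

After lines 13 and 14 name specific buckets, the only finding left for the S3 policy should be the s3:ListAllMyBuckets statement.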

Step 2: Apply the IAM policy to an IAM user

You can apply your IAM policy for S3 to either a new IAM user or an existing one. If you have an existing, separate IAM user available for use with integrations, go to Add IAM policy to an existing user. Otherwise, begin at Create a new IAM user below.

Create a new IAM user

Source: Creating IAM users (console) (AWS documentation)

  1. In the provided AWS documentation above, go to the section titled To create one or more IAM users (console). Complete steps 1-3.

  2. In step 4, select the Programmatic access checkbox. Complete steps 4 and 5.

  3. In step 6, select the Attach existing policies directly option, and select the IAM policy that you created previously in Step 1: Create an IAM policy for S3 access.

  4. Complete the remaining steps through step 8.

You can now move on to creating an access key and secret key.

Add IAM policy to an existing user

Source: Adding permissions to a user (console) (AWS documentation)

  1. In the provided AWS documentation above, go to the section titled Adding permissions by attaching policies directly to the user. Complete steps 1-3.

  2. In step 4, select the IAM policy that you created previously in Step 1: Create an IAM policy for S3 access.

  3. Complete the remaining steps through step 5.

You can now move on to creating an access key and secret key.

Step 3: Create an access key ID and secret access key for the IAM user

Source: Managing access keys (console) (AWS documentation)

  1. In the provided AWS documentation above, go to the section titled To create, modify, or delete another IAM user's access keys (console). Complete all steps (1-4).

  2. Keep the access and secret key file in a secure location. Note that the secret access key can only be retrieved when the key is created.

Done!

You now have all of the necessary authentication set up for AWS S3 integrations.

All done?

You will use the access key and secret key in Fuse when creating any integration(s) for your S3 bucket(s). See Add an Integration (Admin) for more information.

IMPORTANT! Keep your access and secret keys in a secure location as with any sensitive authentication information.
