S3 Bucket Configuration

Learn the configuration process for receiving SafeGraph places data on a monthly basis, as part of an enterprise license. Learn how to configure an S3 bucket for data delivery, enabling automatic data delivery as per your enterprise account and ensuring you will automatically receive weekly or monthly data.

S3 Bucket Configuration

The first step of the delivery process is to configure an S3 bucket for us to deliver the data to. You'll need to have access to your organization's Amazon Web Services (AWS) console with privileges to create an S3 bucket. To begin, please follow the instructions below, which should only take a few minutes to complete.

  1. Sign into the AWS S3 console.
  2. Create an S3 bucket in which you want to receive SafeGraph data (e.g. s3://my-company-sg-data).
  3. Create a policy for SafeGraph to access the bucket and prefix by first selecting the Permissions tab.
13781378
  1. Click on the Edit button under Bucket Policy.
  2. Copy this bucket policy as formatted below and paste into the permission editor:
{
   "Version": "2012-10-17",
   "Statement": [
        {
            "Sid": "SafeGraph Object Permissions",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::461305247324:role/safegraph-egress"
            },
            "Action": [
                "s3:PutObject",
                "s3:PutObjectAcl",
                "s3:PutObjectVersionAcl",
                "s3:PutObjectTagging",
                "s3:PutObjectVersionTagging",
                "s3:GetObject"
            ],
            "Resource": "arn:aws:s3:::{{your bucket name}}/{{data prefix}}/*"
        },
        {
            "Sid": "SafeGraph ListBucket Permission",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::461305247324:role/safegraph-egress"
            },
            "Action": "s3:ListBucket",
            "Resource": "arn:aws:s3:::{{your bucket name}}",
            "Condition": {
                "StringLike": {
                    "s3:prefix": "{{data prefix}}/*"
                }
            }
        }
   ]
}

🚧

Include your bucket name in the policy

When pasting the policy above, please make sure to substitute your bucket name and path for {{your bucket name}} when specifying the resource. And substitute the prefix in the bucket you want the data to go for {{data prefix}} - note that this is case sensitive. Be sure to provide us this prefix.

  1. Click Save changes.
  2. Please send your customer success manager the name of your bucket and the prefix.
  3. Under Object Ownership, ensure object ownership is changed from the default value. This setting should be set on the bucket as
    Bucket owner preferred
    or
    Bucket owner enforced

🚧

Do not set up KMS encryption

Please do not enable KMS encryption when configuring the bucket. We will not be able to write to your S3 bucket if you enable this setting.

Delivery File Structure

See https://docs.safegraph.com/docs/delivery-file-structure