The preparations required to deploy Datafold in your own Amazon Web Services (AWS) Account

Create a DNS A-record for the domain (for example, datafold.domain.tld) where Datafold is going to be hosted. For the DNS record there are two options:
  • Public-facing When the domain is publicly available, we will provide an SSL certificate for the endpoint.
  • Internal It is also possible to have Datafold disconnected from the internet. This would require an internal DNS (for example, AWS Route 53) record that points to the Datafold instance. It is possible to provide your own certificate for setting up the SSL connection.
Once the deployment is complete, you will point that A-record to the IP address of the Datafold service.

For setting up Datafold, it is required to set up a separate account within your organization where we can deploy Datafold. We're following the best practices of AWS to allow third-party access.

First, create a new account for Datafold. Go to My Organization to add an account to the organization:
Add an AWS Account:
We call the account name "Datafold". Make sure that the email address of the owner isn't used by another account.
When you hit the "Create AWS Account" button, you'll be returned back the organization screen, and see the notification that the new account is being created. After you refresh a couple of times, the account should appear in the list:

To make sure that deployment runs as expected, your Datafold Customer Engineer may need access to the Datafold-specific AWS account that you created. The access can be revoked after the deployment if needed. To grant access, log into the account created in the previous step. You can switch to the newly created account using the Switch Role page:
By default the role name is OrganizationAccountAccessRole.
Now you're logged in into the Account of Datafold:

Next, we need to allow Datafold to access the account. We do this by allowing the Datafold AWS account to access your AWS workspace. Go to the IAM page to add a role:
Go to the Roles page, and hit Create role:
Select Another AWS Account, and use account ID 710753145501 which is the one of Datafold. Make sure to Require MFA.
Let's get back to the previous tab, and make sure to select AdministratorAccess gives us control over the resources within the account.
Next, you can set Tags; however, they are not a requirement.
Finally, give the role a name of your choice and in line with your organization's naming conventions. Avoid calling it "Datafold" as in the pictures below:
Now the role is created, which marks Datafold as a trusted entity:
Please provide the link referenced in"Give this link to users who can switch roles in the console" to Datafold:
That's is, and we'll take it from there. After validating the deployment, and making sure that everything works as it should, we can revoke the credentials.
Copy link
On this page
Domain name
Allow Datafold access to the AWS Account