Tatango

This guide walks you through setting up a secure AWS S3 bucket so Tatango can automatically deliver reports to your AWS environment.

Tatango will upload report files directly to your S3 bucket using programmatic access credentials.

___________________________________________________________

Create a restricted IAM user (no console access)

Provide Tatango with the required credentials

1. Create a new private S3 bucket
2. Create a restricted IAM user (no console access)
3. Attach a minimal S3 write-only policy
4. Generate access keys
5. Provide Tatango with the required credentials

1. Required Settings
 1. Bucket name: Choose a globally unique name
 2. AWS Region: Choose the region where you want reports stored
 3. ACLs disabled (Bucket owner enforced)
 4. Block all public access: Enabled

1. Log into AWS
2. Navigate to S3
3. Click Create bucket
4. Configure the bucket:
 1. Required Settings
 1. Bucket name: Choose a globally unique name
 2. AWS Region: Choose the region where you want reports stored
 3. ACLs disabled (Bucket owner enforced)
 4. Block all public access: Enabled
5. Click Create bucket

⚠️ The bucket must not be publicly accessible.

1. Navigate to IAM → Users
2. Click Create user

User name: Example: tatango-report-export

AWS Management Console access: ❌ Do NOT enable

- This user should NOT have console access
- Programmatic access only

- User name: Example: tatango-report-export
- AWS Management Console access: ❌ Do NOT enable
 - This user should NOT have console access
 - Programmatic access only

Step 3: Attach a Custom IAM Policy

You will now create and attach a policy that allows Tatango to upload files to your bucket.

Tatango only needs: <code>s3:PutObject</code>

Name the policy (example: tatango-s3-report-upload)

1. In IAM, go to Policies
2. Click Create policy
3. Choose JSON
4. Paste the policy below
5. Click Next
6. Name the policy (example: tatango-s3-report-upload)
7. Create the policy

Replace {{ BUCKET_AME }} with your actual S3 bucket name.

{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "s3:PutObject" ], "Resource": "arn:aws:s3:::{{ BUCKET_NAME }}/*" } ] }

1. Return to IAM → Users
2. Select the user you created
3. Click Add permissions
4. Choose Attach policies directly
5. Select the policy you just created
6. Click Add permissions

Go to the Security credentials tab

1. Access Key ID
2. Secret Access Key

1. Open the IAM user
2. Go to the Security credentials tab
3. Click Create access key
4. Select: <code>Use case: CLI</code>
5. Confirm and create the key
6. Copy and securely store:
 1. Access Key ID
 2. Secret Access Key

⚠️ You will only see the secret access key once. Save it securely.

You'll use the following when setting up the destination in Tatango:

If your security policy requires IP restrictions, you may whitelist Tatango’s outbound IP addresses.

All report delivery requests will originate from:

35.83.164.16 44.237.105.194 52.25.231.134 54.160.81.109

Creating a dedicated S3 bucket for Tatango exports

Restricting the IAM user to s3:PutObject only

Monitoring bucket access logs if required

- Creating a dedicated S3 bucket for Tatango exports
- Restricting the IAM user to s3:PutObject only
- Disabling console access
- Rotating access keys periodically
- Monitoring bucket access logs if required

How to Configure AWS S3 as a Destination for Tatango Report Builder

Find answers and get help from Intercom Support and Community Experts

This site employs cookies and other technologies that we and our third party vendors use to monitor and record personal information about you and your interactions with the site (including content viewed, cursor movements, screen recordings, and chat contents) for the purposes described in our Cookie Policy. By continuing to visit our site, you agree to our {websiteTermsLink}, {privacyPolicyLink} and {cookiePolicyLink}.

This site uses cookies and similar technologies ("cookies") as strictly necessary for site operation. We and our partners also would like to set additional cookies to enable site performance analytics, functionality, advertising and social media features. See our {cookiePolicyLink} for details. You can change your cookie preferences in our Cookie Settings.

We use cookies to make our site work and also for analytics and advertising purposes. You can enable or disable optional cookies as desired. See our {cookiePolicyLink} for more details.

Advertising cookies are set by our advertising partners to collect information about your use of the site, our communications, and other online services over time and with different browsers and devices. They use this information to show you ads online that they think will interest you and measure the ads' performance. Social media cookies are set by social media platforms to enable you to share content on those platforms, and are capable of tracking information about your activity across other online services for use as described in their privacy policies.

These cookies enable the website to provide enhanced functionality and personalisation. They may be set by us or by third party providers whose services we have added to our pages. If you do not allow these cookies then some or all of these services may not function properly.

These cookies are necessary for the website to function and cannot be switched off in our systems.

These cookies allow us to count visits and traffic sources so we can measure and improve the performance of our site. They help us to know which pages are the most and least popular and see how visitors move around the site.

You have the right to opt out of the sale of your personal information. See our {cookiePolicyLink} for more details about how we use your data.

Your Privacy Choices

We use cookies to enhance your experience. You can customize your cookie preferences below. See our {cookiePolicyLink} for more details.

Cookie Settings

Link, Press control-option-right-arrow to exit

Empty Help Center

Uh oh. That page doesn’t exist.

Home

Search

Disappointed

Neutral

Smiley

Thinking...

Searching through sources...

Analyzing...

Tickets submitted through the messenger or by a support agent in your conversation will appear here.

How to Configure AWS S3 as a Destination for Tatango Report Builder

Overview

Step 1: Create a New S3 Bucket

Step 2: Create a New IAM User

User Configuration

Step 3: Attach a Custom IAM Policy

Required Permission

Create the Policy

IAM Policy JSON

Attach the Policy to the IAM User

Step 4: Create Access Keys

Information Tatango Needs

Credentials

S3 Configuration

Optional: IP Whitelisting

Example IAM User Configuration

Security Best Practices