Creating and populating a new ID mapping table - AWS Clean Rooms

Creating and populating a new ID mapping table

Before you create an ID mapping table, you must first have an associated ID namespace source and target. The ID namespace source and target that you associate to the collaboration must be configured for the type of ID mapping you want to perform (either rule-based ID mapping or provider services ID mapping).

After you create an ID mapping table, you have two options. You can populate it immediately, which runs the ID mapping workflow. Or, you can wait to populate the table later.

After the ID mapping table is successfully populated, you can then run a multi-table join query on the ID mapping table to join the sourceId with the targetId and analyze the data.

Create an ID mapping table (rule-based)

This topic describes the process of creating an ID mapping table that uses matching rules to translate first-party data from a source to a target.

To create and populate a new ID mapping table using the rule-based method
  1. Sign in to the AWS Management Console and open the AWS Clean Rooms console with your AWS account (if you haven't yet done so).

  2. In the left navigation pane, choose Collaborations.

  3. Choose the collaboration.

  4. On the Entity resolution tab, choose Create ID mapping table.

  5. On the Create ID mapping table page under ID mapping settings, take one of the following actions based on your goal.

    Your goal Recommended action
    Create a new ID mapping workflow
    1. Leave the Create a new ID mapping workflow checkbox selected.

    2. Continue with Step 6.

    Reuse an existing ID mapping workflow
    1. Clear the Create a new ID mapping workflow checkbox.

    2. Select a rule-based ID mapping workflow from the dropdown list.

    3. Skip to Step 9.

  6. Under Identity data, take one of the following actions based on your scenario

    Your scenario Recommended action
    There is only one ID namespace source and one ID namespace target in the collaboration View the Source and Target ID namespace associations.
    There are multiple ID namespace associations in the collaboration Select the Source and Target ID namesapce associations you want to use from the dropdown lists.
  7. Under Method, view the selected ID mapping workflow method: Rule-based

  8. For Rule parameters, specify the Rule controls, Comparison type, and Record matching configurations.

    1. For Rule controls, choose if you want the matching rules to be provided by either the Target or Source ID namespace.

      You can view the rules by turning on Show rules.

      Rule controls must be compatible between the source and the target ID namespace to be used in an ID mapping workflow. For example, if a source ID namespace limits rules to the target but the target ID namespace limits rules to the source, this results in an error.

    2. Comparison type is automatically set to Multiple input fields.

      This is because both participants had selected this option previously.

    3. Specify the Record matching type by choosing one of the following options.

      Your goal Recommended option
      Limit the record matching type to store only one matching record in the source for each matched record in the target when you create the ID mapping workflow. One source to one target
      Limit the record matching type to store all matching records in the source for each matched record in the target when you create the ID mapping workflow. Many sources to one target
      Note

      The limitations specified for the source and target ID namespaces must be compatible.

  9. For ID mapping details, take the following actions.

    1. Enter an ID mapping table name.

      You can use the default name or rename this ID mapping table.

    2. (Optional) Enter a Description of the ID mapping table.

      The description helps with writing queries.

  10. Specify the Permissions for AWS Clean Rooms access by choosing an option and taking the recommended action.

    Option Recommended action
    Allow AWS Clean Rooms to add and manage permission policy AWS Clean Rooms creates a service role with the required policy for this association.
    Add and manage permissions manually Do one of the following:
    • Review the Resource policy and add necessary permissions to the policy.

    • Use an existing policy by choosing Add policy statement.

    You must have permissions to modify roles and create policies.

    Note

    If you can’t modify the role policy, you receive an error message stating that AWS Clean Rooms couldn't find the policy for the service role.

  11. Specify the Permissions for AWS Entity Resolution access by choosing an option and taking the recommended action:

    This section is only visible if you're creating a new ID mapping table.

    Option Recommended action
    Create and use a new service role

    AWS Clean Rooms creates a service role with the required policy for this table.

    The default Service role name is entityresolution-id-mapping-workflow-<timestamp>

    You must have permissions to create roles and attach policies.

    If your input data is encrypted, you can choose This data is encrypted by a KMS key and then enter an AWS KMS key that will be used to decrypt your data input.

    Use an existing service role
    1. Choose an Existing service role name from the dropdown list.

      The list of roles are displayed if you have permissions to list roles.

      If you don't have permissions to list roles, you can enter the Amazon Resource Name (ARN) of the role that you want to use.

    2. View the service role by choosing the View in IAM external link.

      If there are no existing service roles, the option to Use an existing service role is unavailable.

      By default, AWS Clean Rooms doesn't attempt to update the existing role policy to add necessary permissions.

    3. (Optional) Select the Add a pre-configured policy with necessary permissions to this role check box to attach necessary permissions to the role. You must have permissions to modify roles and create policies.

  12. (Optional) Specify any Additional settings by selecting one of the following:

    1. For ID mapping table, take one of the following actions based on your goal.

      Your goal Recommended action
      Enable custom encryption settings for the ID mapping table Choose Customize encryption settings and then enter the AWS KMS key.
      Note

      This KMS key needs to grant the required permissions to use within AWS Entity Resolution to cleanrooms.amazonaws.com using a KMS key policy. For more details about the required permissions for working with encryptions with an ID mapping workflow, see Create a workflow job role for AWS Entity Resolution in the AWS Entity Resolution User Guide.

      Enable Tags for the ID mapping table resource Choose Add new tag and then enter the Key and Value pair.
    2. For ID mapping workflow, take one of the following actions based on your goal.

      This section is only visible if you're creating a new ID mapping table.

      Your goal Recommended action
      Modify the Name and description of the ID mapping workflow Clear the Keep the same ID mapping table name and description check box and enter a new ID mapping workflow name and Description.
      Enable Tags for the ID mapping workflow resource Choose Add new tag and then enter the Key and Value pair.
  13. Choose one of the following options based on your goal.

    Your goal Recommended option
    Create an empty ID mapping table but not run the ID mapping workflow Create ID mapping table

    You can populate the ID mapping table later by following the Populating an existing ID mapping table process.

    Create the ID mapping table and run the ID mapping workflow Create and populate ID mapping table

    The ID mapping workflow process begins. During this process, the ID mapping table is populated with translated IDs. The ID mapping workflow might take a few hours to process.

    After the ID mapping table is successfully populated, you can query the ID mapping table to join the sourceId with the targetId and analyze the data.

Create an ID mapping table (provider services)

This topic describes the process of creating an ID mapping table that uses a provider service (LiveRamp). The LiveRamp provider services translates a set of source RampIDs to another using either maintained or derived RampIDs.

To create a new ID mapping table using the provider services method
  1. Sign in to the AWS Management Console and open the AWS Clean Rooms console with your AWS account (if you haven't yet done so).

  2. In the left navigation pane, choose Collaborations.

  3. Choose the collaboration.

  4. On the Entity resolution tab, choose Create ID mapping table.

  5. On the Create ID mapping table page under ID mapping settings, take one of the following actions based on your goal.

    Your goal Recommended action
    Create a new ID mapping workflow
    1. Leave the Create a new ID mapping workflow checkbox selected.

    2. Continue with Step 6.

    Reuse an existing ID mapping workflow
    1. Clear the Create a new ID mapping workflow checkbox.

    2. Select a rule-based ID mapping workflow from the dropdown list.

    3. Skip to Step 9.

  6. Under Identity data, take one of the following actions based on your scenario.

    Your scenario Recommended action
    There is only one ID namespace source and one ID namespace target in the collaboration View the Source and Target ID namespace associations
    There are multiple ID namespace associations in the collaboration Select the Source and Target ID namepsace associations you want to use from the dropdown lists.
  7. Under Method, verify that the selected ID mapping workflow method is LiveRamp transcoding.

  8. For LiveRamp configurations, enter the following information provided by LiveRamp:

    • LiveRamp ID manager ARN

    • LiveRamp secret manager ARN

    Alternatively, you can choose Import from existing workflow:

  9. For ID mapping details, take the following steps.

    1. Enter an ID mapping table name.

      You can use the default name or rename this ID mapping table.

    2. (Optional) Enter a Description of the ID mapping table.

      The description helps with writing queries.

  10. Specify the Permissions for AWS Clean Rooms access by selecting one of the following:

    Option Recommended action
    Allow AWS Clean Rooms to add and manage permission policy AWS Clean Rooms creates a service role with the required policy for this association.
    Add and manage permissions manually Do one of the following:
    • Review the Resource policy and add necessary permissions to the policy.

    • Use an existing policy by choosing Add policy statement.

    You must have permissions to modify roles and create policies.

    Note

    If you can’t modify the role policy, you receive an error message stating that AWS Clean Rooms couldn't find the policy for the service role.

  11. Specify the Permissions for AWS Entity Resolution access by selecting an option and taking the recommended action.

    This section is only visible if you're creating a new ID mapping table.

    Option Recommended action
    Create and use a new service role

    AWS Clean Rooms creates a service role with the required policy for this table.

    The default Service role name is entityresolution-id-mapping-workflow-<timestamp>

    You must have permissions to create roles and attach policies.

    If your input data is encrypted, you can choose the This data is encrypted by a KMS key option and then enter an AWS KMS key that will be used to decrypt your data input.

    Use an existing service role
    1. Choose an Existing service role name from the dropdown list.

      The list of roles are displayed if you have permissions to list roles.

      If you don't have permissions to list roles, you can enter the Amazon Resource Name (ARN) of the role that you want to use.

    2. View the service role by choosing View in IAM.

      If there are no existing service roles, the option to Use an existing service role is unavailable.

      By default, AWS Clean Rooms doesn't attempt to update the existing role policy to add necessary permissions.

    3. (Optional) Select the Add a pre-configured policy with necessary permissions to this role check box to add attach necessary permissions to the role. You must have permissions to modify roles and create policies.

  12. (Optional) Specify any Additional settings by selecting one of the following:

    1. For ID mapping table, take one of the following actions based on your goal.

      Your goal Recommended action
      Enable custom encryption settings for the ID mapping table Choose Customize encryption settings and then enter the AWS KMS key.
      Note

      This KMS key needs to grant the required permissions to use within AWS Entity Resolution to cleanrooms.amazonaws.com using a KMS key policy. For more details about the required permissions for working with encryptions with an ID mapping workflow, see Create a workflow job role for AWS Entity Resolution in the AWS Entity Resolution User Guide.

      Enable Tags for the ID mapping table resource Choose Add new tag and then enter the Key and Value pair.
    2. For ID mapping workflow, take one of the following actions based on your goal.

      This section is only visible if you're creating a new ID mapping table.

      Your goal Recommended action
      Modify the Name and description of the ID mapping workflow Clear the Keep the same ID mapping table name and description check box and enter a new ID mapping workflow name and Description.
      Enable Tags for the ID mapping workflow resource Choose Add new tag and then enter the Key and Value pair.
  13. Choose one of the following actions based on your goal.

    Your goal Recommended action
    Create an empty ID mapping table but not run the ID mapping workflow Choose Create ID mapping table.

    You can populate the ID mapping table later by following the Populating an existing ID mapping table process.

    Create the ID mapping table and run the ID mapping workflow Choose Create and populate ID mapping table.

    The ID mapping workflow process begins. During this process, the ID mapping table is populated with transcoded IDs. The ID mapping workflow might take a few hours to process.

    After the ID mapping table is successfully populated, you can query the ID mapping table to join the sourceId with the targetId and analyze the data.