Create an ID mapping table (rule-based)Create an ID mapping table (provider services)

Creating and populating a new ID mapping table

Before you create an ID mapping table, you must first have an associated ID namespace source and target. The ID namespace source and target that you associate to the collaboration must be configured for the type of ID mapping you want to perform (either rule-based ID mapping or provider services ID mapping).

After you create an ID mapping table, you have two options. You can populate it immediately, which runs the ID mapping workﬂow. Or, you can wait to populate the table later.

After the ID mapping table is successfully populated, you can then run a multi-table join query on the ID mapping table to join the sourceId with the targetId and analyze the data.

Topics

Create an ID mapping table (rule-based)
Create an ID mapping table (provider services)

Create an ID mapping table (rule-based)

This topic describes the process of creating an ID mapping table that uses matching rules to translate first-party data from a source to a target.

To create and populate a new ID mapping table using the rule-based method

Sign in to the AWS Management Console and open the AWS Clean Rooms console with your AWS account (if you haven't yet done so).
In the left navigation pane, choose Collaborations.
Choose the collaboration.
On the Entity resolution tab, choose Create ID mapping table.

On the Create ID mapping table page under ID mapping settings, take one of the following actions based on your goal.

Your goal	Recommended action
Create a new ID mapping workflow	Leave the Create a new ID mapping workflow checkbox selected. Continue with Step 6.
Reuse an existing ID mapping workflow	Clear the Create a new ID mapping workflow checkbox. Select a rule-based ID mapping workflow from the dropdown list. Skip to Step 9.

Under Identity data, take one of the following actions based on your scenario

Your scenario	Recommended action
There is only one ID namespace source and one ID namespace target in the collaboration	View the Source and Target ID namespace associations.
There are multiple ID namespace associations in the collaboration	Select the Source and Target ID namepsace associations you want to use from the dropdown lists.

Under Method, view the selected ID mapping workflow method: Rule-based

For Rule parameters, specify the Rule controls, Comparison type, and Record matching configurations.

For Rule controls, choose if you want the matching rules to be provided by either the Target or Source ID namespace.

You can view the rules by turning on Show rules.

Rule controls must be compatible between the source and the target ID namespace to be used in an ID mapping workflow. For example, if a source ID namespace limits rules to the target but the target ID namespace limits rules to the source, this results in an error.
Comparison type is automatically set to Multiple input fields.

This is because both participants had selected this option previously.

Specify the Record matching type by choosing one of the following options.

Your goal	Recommended option
Limit the record matching type to store only one matching record in the source for each matched record in the target when you create the ID mapping workflow.	One source to one target
Limit the record matching type to store all matching records in the source for each matched record in the target when you create the ID mapping workflow.	Many sources to one target

Note

The limitations specified for the source and target ID namespaces must be compatible.

For ID mapping details, take the following actions.
1. Enter an ID mapping table name.
  
  You can use the default name or rename this ID mapping table.
2. (Optional) Enter a Description of the ID mapping table.
  
  The description helps with writing queries.

Specify the Permissions for AWS Clean Rooms access by choosing an option and taking the recommended action.

Option	Recommended action
Allow AWS Clean Rooms to add and manage permission policy	AWS Clean Rooms creates a service role with the required policy for this association.
Add and manage permissions manually	Do one of the following: Review the Resource policy and add necessary permissions to the policy. Use an existing policy by choosing Add policy statement. You must have permissions to modify roles and create policies. Note If you can’t modify the role policy, you receive an error message stating that AWS Clean Rooms couldn't ﬁnd the policy for the service role.

Specify the Permissions for AWS Entity Resolution access by choosing an option and taking the recommended action:

This section is only visible if you're creating a new ID mapping table.

Option Recommended action

Option	Recommended action
Create and use a new service role	AWS Clean Rooms creates a service role with the required policy for this table. The default Service role name is `entityresolution-id-mapping-workflow-<timestamp>` You must have permissions to create roles and attach policies. If your input data is encrypted, you can choose This data is encrypted by a KMS key and then enter an AWS KMS key that will be used to decrypt your data input.
Use an existing service role	Choose an Existing service role name from the dropdown list. The list of roles are displayed if you have permissions to list roles. If you don't have permissions to list roles, you can enter the Amazon Resource Name (ARN) of the role that you want to use. View the service role by choosing the View in IAM external link. If there are no existing service roles, the option to Use an existing service role is unavailable. By default, AWS Clean Rooms doesn't attempt to update the existing role policy to add necessary permissions. (Optional) Select the Add a pre-conﬁgured policy with necessary permissions to this role checkbox to attach necessary permissions to the role. You must have permissions to modify roles and create policies.

Create and use a new service role

AWS Clean Rooms creates a service role with the required policy for this table.

The default Service role name is entityresolution-id-mapping-workflow-<timestamp>

You must have permissions to create roles and attach policies.

If your input data is encrypted, you can choose This data is encrypted by a KMS key and then enter an AWS KMS key that will be used to decrypt your data input.

Use an existing service role

Choose an Existing service role name from the dropdown list.

The list of roles are displayed if you have permissions to list roles.

If you don't have permissions to list roles, you can enter the Amazon Resource Name (ARN) of the role that you want to use.
View the service role by choosing the View in IAM external link.

If there are no existing service roles, the option to Use an existing service role is unavailable.

By default, AWS Clean Rooms doesn't attempt to update the existing role policy to add necessary permissions.
(Optional) Select the Add a pre-conﬁgured policy with necessary permissions to this role checkbox to attach necessary permissions to the role. You must have permissions to modify roles and create policies.

(Optional) Specify any Additional settings by selecting one of the following:

For ID mapping table, take one of the following actions based on your goal.

Your goal Recommended action

Enable custom encryption settings for the ID mapping table

Your goal	Recommended action
Enable custom encryption settings for the ID mapping table	Choose Customize encryption settings and then enter the AWS KMS key. Note This KMS key needs to grant the required permissions to use within AWS Entity Resolution to `cleanrooms.amazonaws.com` using a KMS key policy. For more details about the required permissions for working with encryptions with an ID mapping workflow, see Create a workflow job role for AWS Entity Resolution in the AWS Entity Resolution User Guide.
Enable Tags for the ID mapping table resource	Choose Add new tag and then enter the Key and Value pair.

Choose Customize encryption settings and then enter the AWS KMS key.

Note

This KMS key needs to grant the required permissions to use within AWS Entity Resolution to cleanrooms.amazonaws.com using a KMS key policy. For more details about the required permissions for working with encryptions with an ID mapping workflow, see Create a workflow job role for AWS Entity Resolution in the AWS Entity Resolution User Guide.

Enable Tags for the ID mapping table resource Choose Add new tag and then enter the Key and Value pair.

For ID mapping workflow, take one of the following actions based on your goal.

This section is only visible if you're creating a new ID mapping table.

Your goal	Recommended action
Modify the Name and description of the ID mapping workflow	Clear the Keep the same ID mapping table name and description checkbox and enter a new ID mapping workflow name and Description.
Enable Tags for the ID mapping workflow resource	Choose Add new tag and then enter the Key and Value pair.

Choose one of the following options based on your goal.

Your goal Recommended option

Create an empty ID mapping table but not run the ID mapping workflow

Your goal	Recommended option
Create an empty ID mapping table but not run the ID mapping workflow	Create ID mapping table You can populate the ID mapping table later by following the Populating an existing ID mapping table process.
Create the ID mapping table and run the ID mapping workflow	Create and populate ID mapping table The ID mapping workflow process begins. During this process, the ID mapping table is populated with translated IDs. The ID mapping workflow might take a few hours to process. After the ID mapping table is successfully populated, you can query the ID mapping table to join the `sourceId` with the `targetId` and analyze the data.

Create ID mapping table

You can populate the ID mapping table later by following the Populating an existing ID mapping table process.

Create the ID mapping table and run the ID mapping workflow

Create and populate ID mapping table

The ID mapping workflow process begins. During this process, the ID mapping table is populated with translated IDs. The ID mapping workflow might take a few hours to process.

After the ID mapping table is successfully populated, you can query the ID mapping table to join the sourceId with the targetId and analyze the data.

Create an ID mapping table (provider services)

This topic describes the process of creating an ID mapping table that uses a provider service (LiveRamp). The LiveRamp provider services translates a set of source RampIDs to another using either maintained or derived RampIDs.

To create a new ID mapping table using the provider services method

Sign in to the AWS Management Console and open the AWS Clean Rooms console with your AWS account (if you haven't yet done so).
In the left navigation pane, choose Collaborations.
Choose the collaboration.
On the Entity resolution tab, choose Create ID mapping table.

On the Create ID mapping table page under ID mapping settings, take one of the following actions based on your goal.

Your goal	Recommended action
Create a new ID mapping workflow	Leave the Create a new ID mapping workflow checkbox selected. Continue with Step 6.
Reuse an existing ID mapping workflow	Clear the Create a new ID mapping workflow checkbox. Select a rule-based ID mapping workflow from the dropdown list. Skip to Step 9.

Under Identity data, take one of the following actions based on your scenario.

Your scenario	Recommended action
There is only one ID namespace source and one ID namespace target in the collaboration	View the Source and Target ID namespace associations
There are multiple ID namespace associations in the collaboration	Select the Source and Target ID namepsace associations you want to use from the dropdown lists.

Under Method, verify that the selected ID mapping workflow method is LiveRamp transcoding.
For LiveRamp conﬁgurations, enter the following information provided by LiveRamp:
- LiveRamp ID manager ARN
- LiveRamp secret manager ARN
Alternatively, you can choose Import from existing workflow:
For ID mapping details, take the following steps.
1. Enter an ID mapping table name.
  
  You can use the default name or rename this ID mapping table.
2. (Optional) Enter a Description of the ID mapping table.
  
  The description helps with writing queries.

Specify the Permissions for AWS Clean Rooms access by selecting one of the following:

Option	Recommended action
Allow AWS Clean Rooms to add and manage permission policy	AWS Clean Rooms creates a service role with the required policy for this association.
Add and manage permissions manually	Do one of the following: Review the Resource policy and add necessary permissions to the policy. Use an existing policy by choosing Add policy statement. You must have permissions to modify roles and create policies. Note If you can’t modify the role policy, you receive an error message stating that AWS Clean Rooms couldn't ﬁnd the policy for the service role.

Specify the Permissions for AWS Entity Resolution access by selecting an option and taking the recommended action.

This section is only visible if you're creating a new ID mapping table.

Option Recommended action

Option	Recommended action
Create and use a new service role	AWS Clean Rooms creates a service role with the required policy for this table. The default Service role name is `entityresolution-id-mapping-workflow-<timestamp>` You must have permissions to create roles and attach policies. If your input data is encrypted, you can choose the This data is encrypted by a KMS key option and then enter an AWS KMS key that will be used to decrypt your data input.
Use an existing service role	Choose an Existing service role name from the dropdown list. The list of roles are displayed if you have permissions to list roles. If you don't have permissions to list roles, you can enter the Amazon Resource Name (ARN) of the role that you want to use. View the service role by choosing View in IAM. If there are no existing service roles, the option to Use an existing service role is unavailable. By default, AWS Clean Rooms doesn't attempt to update the existing role policy to add necessary permissions. (Optional) Select the Add a pre-conﬁgured policy with necessary permissions to this role checkbox to add attach necessary permissions to the role. You must have permissions to modify roles and create policies.

Create and use a new service role

AWS Clean Rooms creates a service role with the required policy for this table.

The default Service role name is entityresolution-id-mapping-workflow-<timestamp>

You must have permissions to create roles and attach policies.

If your input data is encrypted, you can choose the This data is encrypted by a KMS key option and then enter an AWS KMS key that will be used to decrypt your data input.

Use an existing service role

Choose an Existing service role name from the dropdown list.

The list of roles are displayed if you have permissions to list roles.

If you don't have permissions to list roles, you can enter the Amazon Resource Name (ARN) of the role that you want to use.
View the service role by choosing View in IAM.

If there are no existing service roles, the option to Use an existing service role is unavailable.

By default, AWS Clean Rooms doesn't attempt to update the existing role policy to add necessary permissions.
(Optional) Select the Add a pre-conﬁgured policy with necessary permissions to this role checkbox to add attach necessary permissions to the role. You must have permissions to modify roles and create policies.

(Optional) Specify any Additional settings by selecting one of the following:

For ID mapping table, take one of the following actions based on your goal.

Your goal Recommended action

Enable custom encryption settings for the ID mapping table

Your goal	Recommended action
Enable custom encryption settings for the ID mapping table	Choose Customize encryption settings and then enter the AWS KMS key. Note This KMS key needs to grant the required permissions to use within AWS Entity Resolution to `cleanrooms.amazonaws.com` using a KMS key policy. For more details about the required permissions for working with encryptions with an ID mapping workflow, see Create a workflow job role for AWS Entity Resolution in the AWS Entity Resolution User Guide.
Enable Tags for the ID mapping table resource	Choose Add new tag and then enter the Key and Value pair.

Choose Customize encryption settings and then enter the AWS KMS key.

Note

Enable Tags for the ID mapping table resource Choose Add new tag and then enter the Key and Value pair.

For ID mapping workflow, take one of the following actions based on your goal.

This section is only visible if you're creating a new ID mapping table.

Your goal	Recommended action
Modify the Name and description of the ID mapping workflow	Clear the Keep the same ID mapping table name and description checkbox and enter a new ID mapping workflow name and Description.
Enable Tags for the ID mapping workflow resource	Choose Add new tag and then enter the Key and Value pair.

Choose one of the following actions based on your goal.

Your goal Recommended action

Create an empty ID mapping table but not run the ID mapping workflow

Your goal	Recommended action
Create an empty ID mapping table but not run the ID mapping workflow	Choose Create ID mapping table. You can populate the ID mapping table later by following the Populating an existing ID mapping table process.
Create the ID mapping table and run the ID mapping workflow	Choose Create and populate ID mapping table. The ID mapping workflow process begins. During this process, the ID mapping table is populated with transcoded IDs. The ID mapping workflow might take a few hours to process. After the ID mapping table is successfully populated, you can query the ID mapping table to join the `sourceId` with the `targetId` and analyze the data.

Choose Create ID mapping table.

You can populate the ID mapping table later by following the Populating an existing ID mapping table process.

Create the ID mapping table and run the ID mapping workflow

Choose Create and populate ID mapping table.

The ID mapping workflow process begins. During this process, the ID mapping table is populated with transcoded IDs. The ID mapping workflow might take a few hours to process.

After the ID mapping table is successfully populated, you can query the ID mapping table to join the sourceId with the targetId and analyze the data.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

ID mapping tables

Populating an existing ID mapping table