쿠키 기본 설정 선택

당사는 사이트와 서비스를 제공하는 데 필요한 필수 쿠키 및 유사한 도구를 사용합니다. 고객이 사이트를 어떻게 사용하는지 파악하고 개선할 수 있도록 성능 쿠키를 사용해 익명의 통계를 수집합니다. 필수 쿠키는 비활성화할 수 없지만 '사용자 지정' 또는 ‘거부’를 클릭하여 성능 쿠키를 거부할 수 있습니다.

사용자가 동의하는 경우 AWS와 승인된 제3자도 쿠키를 사용하여 유용한 사이트 기능을 제공하고, 사용자의 기본 설정을 기억하고, 관련 광고를 비롯한 관련 콘텐츠를 표시합니다. 필수가 아닌 모든 쿠키를 수락하거나 거부하려면 ‘수락’ 또는 ‘거부’를 클릭하세요. 더 자세한 내용을 선택하려면 ‘사용자 정의’를 클릭하세요.

Tutorial: Creating a connector for Goldman Sachs Financial Cloud for Data - Amazon FinSpace
이 페이지는 귀하의 언어로 번역되지 않았습니다. 번역 요청

Tutorial: Creating a connector for Goldman Sachs Financial Cloud for Data

Important

Amazon FinSpace Dataset Browser will be discontinued on March 26, 2025. Starting November 29, 2023, FinSpace will no longer accept the creation of new Dataset Browser environments. Customers using Amazon FinSpace with Managed Kdb Insights will not be affected. For more information, review the FAQ or contact AWS Support to assist with your transition.

This tutorial guides you through the steps to create a data connector for the Goldman Sachs Financial Cloud for Data (GSFCD) provider.

Prerequisites

Before you proceed, make sure that you have the following available:

  • Goldman Sachs Financial Cloud for Data API credentials – These credentials will be used to connect to the GSFCD. The credentials will be stored in AWS Secrets Manager so that the data connector can use them securely.

  • A FinSpace environment – You can only use a data connector in the FinSpace environment where it was created. For more information, see Create an Amazon FinSpace environment.

Step 1: Add connector details

To add connector details
  1. Sign in to the AWS Management Console and open the Amazon FinSpace console at https://console.aws.amazon.com/finspace.

  2. In the left pane, choose Data Providers.

    Tip

    Alternatively, you can also perform the following steps:

    1. In the left pane, choose Environments.

    2. From the list of environments, choose the name of the environment where you want to create a data connector.

    3. On the environment details page, scroll down to Data Connectors and choose Create connector. The Data Providers page opens.

  3. On the Data Providers page, for the Goldman Sachs Financial Cloud for Data provider, choose Add connector.

  4. On the Connector details page, provide a unique Connector name, and choose an account with superuser to run the connector.

  5. For Scheduled runs, select this option if you want to schedule automatic connector runs. The data connector will run daily at 00:00 UTC.

    Clear this option if you don't want to schedule automatic runs. You will need to manually start the data connector run from the console. For more information, see Running a data connector.

  6. Choose Next and proceed to Step 2: Add a secret name.

Step 2: Add a secret name

FinSpace uses AWS Secrets Manager to store the API credentials that your FinSpace environment will use to connect to the Goldman Sachs Financial Cloud for Data API. For more information, see Secrets Manager concepts in the AWS Secrets Manager User Guide.

When you choose Next on the Connector details page in the previous step, the Secret name page opens. You can choose an existing secret name or create a new one.

To add a secret name
  1. On the Secret name page, choose an existing secret name from the dropdown list.

  2. You can also create a new secret name on this page by choosing the Create new secret option from the list.

    1. Under the Create new secret section, for Secret name, enter a unique name for the secret.

    2. Enter the key-value pair for your secret in Client ID and Client secret, respectively.

    3. Choose an encryption AWS KMS key. This key will be used by AWS Secrets Manager to encrypt your secret. You can select an existing KMS key from the dropdown or create a new one by using the AWS Key Management Service. For more information, see the AWS Key Management Service Developer Guide.

      Note

      By default, this field displays the KMS key that you used to create the environment where you're creating this data connector.

  3. Choose Next and proceed to Step 3: Add customer IAM role.

Note

You can also create a secret directly from the AWS Secrets Manager console. For more information, see Create a secret in the AWS Secrets Manager User Guide.

Step 3: Add customer IAM role

In FinSpace, you can securely control access to data connectors by creating IAM policies and attaching them to roles. A policy is an object in AWS that, when associated with an identity or resource, defines their permissions. AWS evaluates these policies when a principal uses an IAM entity (user or role) to make a request. For more information, see Roles terms and concepts in the IAM User Guide.

When you choose Next on the Secret name page in the previous step, the Customer IAM role page opens. You can select an existing role or create a new one.

To add a customer IAM role
  1. On the Customer IAM role page, choose an existing role ARN from the dropdown list.

  2. You can also create a new role on this page by choosing the Create new customer IAM role option from list.

    First create a permissive IAM policy and then create an IAM role. Then attach the new policy to it.

    To create an IAM policy

    1. Under the Create a policy section, choose Copy code to copy the policy code. You will use this code to create an IAM permissions policy.

    2. Choose Go to policy creation form. This button opens the Create policy page in a new tab.

      Note

      Do not close the Customer IAM role tab.

    3. On the Create policy page, choose the JSON tab. Delete any prepopulated JSON code, and then paste the policy code that you copied in previous step.

    4. Choose Next: Tags. (Optional) Add metadata to the policy by attaching tags as key-value pairs.

    5. Choose Next: Review.

    6. On the Review policy page, enter a Name and a Description (optional) for the policy that you're creating. Review the policy Summary to see the permissions that are granted by your policy. Then choose Create policy to save your work.

      Note

      Remember this policy name because you will need it while creating a role.

    To create an IAM role

    1. Return to the Select customer IAM role tab. Under the Create a customer IAM role section, choose Copy code to copy the trust relationship code.

    2. Choose Go to customer IAM role form. This button opens the Create role setup in a new tab.

      Note

      Do not close the Customer IAM role tab.

    3. On the Select trusted entity page, for Trusted entity type, choose Custom trust policy.

    4. Under the Custom trust policy section, delete any prepopulated code, and then paste the trust relationship code that you copied in the previous step.

    5. Choose Next.

    6. On the Add permissions page, for Permissions policy, search for the policy name that you created in step f in "To add a customer IAM role". Select the policy check box and choose Next.

    7. On the Name, review, and create page, add a role name. Review the policy and permission details and choose Create role.

      Note

      Remember this role name because you will need it in the next step.

  3. Return to the Select customer IAM role tab. For Customer IAM role, enter the name of the role you created in the previous step.

  4. Choose Next and proceed to Step 4: Review and create.

Note

You can also create the IAM role and policy directly from the AWS Identity and Access Management console. For more information, see Creating an IAM role (console) in the IAM User Guide.

Step 4: Review and create

Review the connector details, secret name, and customer IAM role, and then choose Create connector.

After the new data connector is created, the connector details page opens where you can perform other operations using a data connector. To verify that the new connector setup is complete, see the Connector summary section and ensure that the Status is Active. The connector will start syncing automatically when it's connected. For more information, see Connector details.

Note
  • If you create multiple GSFCD data connectors for a single Amazon FinSpace environment, duplicate datasets are created in FinSpace if the GSFCD client access credentials that you use have an overlap in the datasets they have access to. To avoid this, only create multiple connectors with credentials that don't have overlapping access to datasets.

  • Datasets that are created when a GSFCD connector runs are placed in a system-generated permission group. You can't add them to other permission groups.

프라이버시사이트 이용 약관쿠키 기본 설정
© 2025, Amazon Web Services, Inc. 또는 계열사. All rights reserved.