選取您的 Cookie 偏好設定

我們使用提供自身網站和服務所需的基本 Cookie 和類似工具。我們使用效能 Cookie 收集匿名統計資料,以便了解客戶如何使用我們的網站並進行改進。基本 Cookie 無法停用,但可以按一下「自訂」或「拒絕」以拒絕效能 Cookie。

如果您同意,AWS 與經核准的第三方也會使用 Cookie 提供實用的網站功能、記住您的偏好設定,並顯示相關內容,包括相關廣告。若要接受或拒絕所有非必要 Cookie,請按一下「接受」或「拒絕」。若要進行更詳細的選擇,請按一下「自訂」。

Tutorial: Creating a connector for Goldman Sachs Financial Cloud for Data - Amazon FinSpace
此頁面尚未翻譯為您的語言。 請求翻譯

Tutorial: Creating a connector for Goldman Sachs Financial Cloud for Data

Important

Amazon FinSpace Dataset Browser will be discontinued on March 26, 2025. Starting November 29, 2023, FinSpace will no longer accept the creation of new Dataset Browser environments. Customers using Amazon FinSpace with Managed Kdb Insights will not be affected. For more information, review the FAQ or contact AWS Support to assist with your transition.

This tutorial guides you through the steps to create a data connector for the Goldman Sachs Financial Cloud for Data (GSFCD) provider.

Prerequisites

Before you proceed, make sure that you have the following available:

  • Goldman Sachs Financial Cloud for Data API credentials – These credentials will be used to connect to the GSFCD. The credentials will be stored in AWS Secrets Manager so that the data connector can use them securely.

  • A FinSpace environment – You can only use a data connector in the FinSpace environment where it was created. For more information, see Create an Amazon FinSpace environment.

Step 1: Add connector details

To add connector details
  1. Sign in to the AWS Management Console and open the Amazon FinSpace console at https://console.aws.amazon.com/finspace.

  2. In the left pane, choose Data Providers.

    Tip

    Alternatively, you can also perform the following steps:

    1. In the left pane, choose Environments.

    2. From the list of environments, choose the name of the environment where you want to create a data connector.

    3. On the environment details page, scroll down to Data Connectors and choose Create connector. The Data Providers page opens.

  3. On the Data Providers page, for the Goldman Sachs Financial Cloud for Data provider, choose Add connector.

  4. On the Connector details page, provide a unique Connector name, and choose an account with superuser to run the connector.

  5. For Scheduled runs, select this option if you want to schedule automatic connector runs. The data connector will run daily at 00:00 UTC.

    Clear this option if you don't want to schedule automatic runs. You will need to manually start the data connector run from the console. For more information, see Running a data connector.

  6. Choose Next and proceed to Step 2: Add a secret name.

Step 2: Add a secret name

FinSpace uses AWS Secrets Manager to store the API credentials that your FinSpace environment will use to connect to the Goldman Sachs Financial Cloud for Data API. For more information, see Secrets Manager concepts in the AWS Secrets Manager User Guide.

When you choose Next on the Connector details page in the previous step, the Secret name page opens. You can choose an existing secret name or create a new one.

To add a secret name
  1. On the Secret name page, choose an existing secret name from the dropdown list.

  2. You can also create a new secret name on this page by choosing the Create new secret option from the list.

    1. Under the Create new secret section, for Secret name, enter a unique name for the secret.

    2. Enter the key-value pair for your secret in Client ID and Client secret, respectively.

    3. Choose an encryption AWS KMS key. This key will be used by AWS Secrets Manager to encrypt your secret. You can select an existing KMS key from the dropdown or create a new one by using the AWS Key Management Service. For more information, see the AWS Key Management Service Developer Guide.

      Note

      By default, this field displays the KMS key that you used to create the environment where you're creating this data connector.

  3. Choose Next and proceed to Step 3: Add customer IAM role.

Note

You can also create a secret directly from the AWS Secrets Manager console. For more information, see Create a secret in the AWS Secrets Manager User Guide.

Step 3: Add customer IAM role

In FinSpace, you can securely control access to data connectors by creating IAM policies and attaching them to roles. A policy is an object in AWS that, when associated with an identity or resource, defines their permissions. AWS evaluates these policies when a principal uses an IAM entity (user or role) to make a request. For more information, see Roles terms and concepts in the IAM User Guide.

When you choose Next on the Secret name page in the previous step, the Customer IAM role page opens. You can select an existing role or create a new one.

To add a customer IAM role
  1. On the Customer IAM role page, choose an existing role ARN from the dropdown list.

  2. You can also create a new role on this page by choosing the Create new customer IAM role option from list.

    First create a permissive IAM policy and then create an IAM role. Then attach the new policy to it.

    To create an IAM policy

    1. Under the Create a policy section, choose Copy code to copy the policy code. You will use this code to create an IAM permissions policy.

    2. Choose Go to policy creation form. This button opens the Create policy page in a new tab.

      Note

      Do not close the Customer IAM role tab.

    3. On the Create policy page, choose the JSON tab. Delete any prepopulated JSON code, and then paste the policy code that you copied in previous step.

    4. Choose Next: Tags. (Optional) Add metadata to the policy by attaching tags as key-value pairs.

    5. Choose Next: Review.

    6. On the Review policy page, enter a Name and a Description (optional) for the policy that you're creating. Review the policy Summary to see the permissions that are granted by your policy. Then choose Create policy to save your work.

      Note

      Remember this policy name because you will need it while creating a role.

    To create an IAM role

    1. Return to the Select customer IAM role tab. Under the Create a customer IAM role section, choose Copy code to copy the trust relationship code.

    2. Choose Go to customer IAM role form. This button opens the Create role setup in a new tab.

      Note

      Do not close the Customer IAM role tab.

    3. On the Select trusted entity page, for Trusted entity type, choose Custom trust policy.

    4. Under the Custom trust policy section, delete any prepopulated code, and then paste the trust relationship code that you copied in the previous step.

    5. Choose Next.

    6. On the Add permissions page, for Permissions policy, search for the policy name that you created in step f in "To add a customer IAM role". Select the policy check box and choose Next.

    7. On the Name, review, and create page, add a role name. Review the policy and permission details and choose Create role.

      Note

      Remember this role name because you will need it in the next step.

  3. Return to the Select customer IAM role tab. For Customer IAM role, enter the name of the role you created in the previous step.

  4. Choose Next and proceed to Step 4: Review and create.

Note

You can also create the IAM role and policy directly from the AWS Identity and Access Management console. For more information, see Creating an IAM role (console) in the IAM User Guide.

Step 4: Review and create

Review the connector details, secret name, and customer IAM role, and then choose Create connector.

After the new data connector is created, the connector details page opens where you can perform other operations using a data connector. To verify that the new connector setup is complete, see the Connector summary section and ensure that the Status is Active. The connector will start syncing automatically when it's connected. For more information, see Connector details.

Note
  • If you create multiple GSFCD data connectors for a single Amazon FinSpace environment, duplicate datasets are created in FinSpace if the GSFCD client access credentials that you use have an overlap in the datasets they have access to. To avoid this, only create multiple connectors with credentials that don't have overlapping access to datasets.

  • Datasets that are created when a GSFCD connector runs are placed in a system-generated permission group. You can't add them to other permission groups.

隱私權網站條款Cookie 偏好設定
© 2025, Amazon Web Services, Inc.或其附屬公司。保留所有權利。