Enterprise Connect is available for dedicated instance customers only. Contact your Unstructured account team or Unstructured Support to have it enabled on your instance.
Setup requirements
Enterprise Connect requires the following:- A dedicated instance provisioned for your Unstructured account, with Enterprise Connect enabled. Contact your Unstructured account team or Unstructured Support to request access and have it enabled.
- An AWS account where you can create and manage IAM roles.
How Enterprise Connect works
Enterprise Connect uses AWS Security Token Service (STS), a service that grants temporary, limited-privilege credentials to access AWS resources. When a workflow runs, Unstructured calls AWS STS to request temporary credentials for your AWS account. AWS STS validates the request against a trust policy attached to an IAM role you’ve configured. If the validation passes, Unstructured receives temporary credentials scoped to the permissions for the AWS resources you defined in the IAM role. Credentials are never stored and expire automatically.IAM role and trust policy
Enterprise Connect requires an IAM role with a trust policy. The trust policy permits Unstructured to assume the role and receive the permissions needed to access your AWS resources. The trust policy must include two identifiers that together prevent unauthorized role assumption:- External ID — a unique value you generate and provide. Because this value is shared only between you and Unstructured, no third party can use the Unstructured ARN to assume your role, preventing the confused deputy problem. The same value goes in this trust policy and in the Unstructured configuration you set up later.
- Unstructured dedicated instance role ARN — each dedicated instance has a stable IAM role ARN (Amazon Resource Name). Your trust policy must name this ARN as the trusted principal. Your Unstructured account team provides this ARN. Treat it as the only Unstructured identity allowed to assume this role.
Configure connectors and AI providers
Follow the configuration instructions for the AWS resources Unstructured needs to access:- Enterprise Connect for AWS connectors — for AWS connectors; configurable through the Pipelines UI or API
- Enterprise Connect for Amazon Bedrock — for Amazon Bedrock model access; configurable through the AI Providers UI only

