Enterprise Connect is available for dedicated instance customers only. Contact your Unstructured account team or Unstructured Support to have it enabled on your instance.
Enterprise Connect credential model
Enterprise Connect is an authentication method that provides workspace-level credential management for AWS connectors. During a workflow run, the connector uses AWS Security Token Service (STS) to assume an IAM role in your AWS account and receive temporary credentials. No credentials are stored; they expire automatically.Supported AWS connectors
Enterprise Connect supports the following AWS connectors:- AWS S3
- AWS OpenSearch
How Enterprise Connect works
Enterprise Connect requires setup in your AWS account. You create an IAM role and attach a trust policy that permits Unstructured’s service role to assume it. The trust policy includes an external ID, a unique value you generate and provide. Because only you know this value, only your workspace can trigger the role assumption, preventing the confused deputy problem. When a workflow runs, the connector uses the AWS STSAssumeRole API to assume your IAM role and receive temporary, least-privilege credentials. Unstructured uses the credentials for that operation only. They expire automatically and are never stored.
Setup requirements
Enterprise Connect requires the following:- A dedicated instance provisioned for your Unstructured account, with Enterprise Connect enabled. Contact your Unstructured account team or Unstructured Support to request access and have it enabled.
- An AWS account where you can create and manage IAM roles.
Configure your connector
Select your preferred interface (Pipelines or API) to view setup instructions for your connector.A connector configured with Enterprise Connect is available only in the workspace where it was created. It is not accessible from other workspaces in your Unstructured account.