Merge pull request #149 from segmentio/repo-sync

repo sync

Author: bot-docsteam

src/_data/catalog/warehouse.yml

@@ -18,7 +18,7 @@ items:
   description: >-
     The AWS S3 destination provides a more secure way to store data in your AWS S3 buckets.
   url: connections/storage/catalog/aws-s3
-  status: PUBLIC_BETA
+  status: PUBLIC
   logo:
     url: 'https://d3hotuclm6if1r.cloudfront.net/logos/amazon-s3-default.svg'
   mark:

src/connections/destinations/catalog/actions-amplitude/index.md

@@ -138,7 +138,7 @@ Build your own subscriptions! Combine supported [triggers](/docs/connections/des
 - [Map User](#map-user)
 - [Group Identify User](#group-identify-user)
 
-You can see the Segment event fields Amplitude accepts for each action in the Actions subscription set up page. Combine these 
+You can see the Segment event fields Amplitude accepts for each action in the Actions subscription set up page.
 
 ### Log Event 
 

src/connections/storage/catalog/aws-s3/index.md

@@ -39,63 +39,66 @@ To complete this section, you need access to your AWS dashboard.
 
 1. Create a new S3 bucket in your preferred region. For more information, see Amazon's documentation, [Create your first S3 bucket](https://docs.aws.amazon.com/AmazonS3/latest/userguide/creating-bucket.html){:target="_blank"}. 
 2. Create a new IAM role for Segment to assume. For more information, see Amazon's documentation, [Creating a role to delegate permissions to an IAM user](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user.html){:target="_blank"}.
-3. Attach the following trust relationship document. Be sure to add your Workspace ID to the `sts:ExternalId` field. 
-    ```json
+    1. When prompted to enter an Account ID, enter `595280932656`. (You cannot enter an ARN in this step. In step 4, you can update the `Principal` to a specific role after you create an IAM role.)
+    2. Click the **Require External ID** checkbox.
+    3. Enter your Segment Workspace ID in the **External ID** field.
+3. Attach the following policy to the IAM role created in step 2. Replace `<YOUR_BUCKET_NAME>` with the name of the S3 bucket you created in step 1.    
+    ```json 
     {
-       "Version": "2012-10-17",
-       "Statement": [
-         {
-           "Sid": "",
-           "Effect": "Allow",
-           "Principal": {
-             "AWS": "arn:aws:iam::595280932656:role/segment-s3-integration-production-access"
-           },
-           "Action": "sts:AssumeRole",
-           "Condition": {
-             "StringEquals": {
-               "sts:ExternalId": "<YOUR_WORKSPACE_ID>"
-             }
-           }
-         }
-       ]
-     }
+        "Version": "2012-10-17",
+        "Statement": [
+            {
+            "Sid": "PutObjectsInBucket",
+            "Effect": "Allow",
+            "Action": [
+                "s3:PutObject",
+                "s3:PutObjectAcl"
+            ],
+            "Resource": "arn:aws:s3:::<YOUR_BUCKET_NAME>/segment-logs/*"
+            }
+      ]
+    }   
     ```
-4. Create and attach the following IAM policy to the role created in step 3 above. Replace `<YOUR_BUCKET_NAME>` with the name of the bucket you created in step 1 above.
+    If you're using KMS encryption on your S3 bucket, add the following policy to the IAM role:
     ```json
     {
-    "Version": "2012-10-17",
-    "Statement": [
-        {
-        "Sid": "PutObjectsInBucket",
-        "Effect": "Allow",
-        "Action": [
-            "s3:PutObject",
-            "s3:PutObjectAcl"
-        ],
-        "Resource": "arn:aws:s3:::<YOUR_BUCKET_NAME>/segment-logs/*"
-        }
-    ]
+      "Version": "2012-10-17",
+      "Statement": [
+          {
+              "Sid": "AllowKMS",
+              "Effect": "Allow",
+              "Action": [
+                  "kms:GenerateDataKey",
+                  "kms:Decrypt"
+              ],
+              "Resource": "<YOUR_KEY_ARN>"
+          }
+        ]
     }
     ```
-    If you're using KMS encryption on your S3 bucket, add the following policy to the IAM role:
-    ```json
+If you have server-side encryption enabled, see the [required configuration](#encryption).
+ 
+4. Update `Principal` in the role’s trust relationship document to `arn:aws:iam::595280932656:role/segment-s3-integration-production-access`. Replace `<YOUR_WORKSPACE_ID>` with your Segment Workspace ID.
+``` json
     {
-    "Version": "2012-10-17",
-    "Statement": [
+      "Version": "2012-10-17",
+      "Statement": [
         {
-            "Sid": "AllowKMS",
-            "Effect": "Allow",
-            "Action": [
-                "kms:GenerateDataKey",
-                "kms:Decrypt"
-            ],
-            "Resource": "<YOUR_KEY_ARN>"
+          "Sid": "",
+          "Effect": "Allow",
+          "Principal": {
+            "AWS": "arn:aws:iam::595280932656:role/segment-s3-integration-production-access"
+          },
+          "Action": "sts:AssumeRole",
+          "Condition": {
+            "StringEquals": {
+              "sts:ExternalId": "<YOUR_WORKSPACE_ID>"
+            }
+          }
         }
       ]
     }
-    ```
-
-If you have server-side encryption enabled, see the [required configuration](#encryption).
+```
 
 ### Create an IAM role using the AWS CLI
 
@@ -128,7 +131,7 @@ To create an S3 IAM role, you must first install and configure the AWS CLI on yo
     }
     ```
 
-2. Navigate to the folder containing `trust-relationship-policy.json` and run the following command to create your IAM role and attach the trust relationship document, replacing `<YOUR_ROLE_NAME>` with the name you want to give this IAM role:
+2. Navigate to the folder containing `trust-relationship-policy.json` and run the following command to create your IAM role and attach the trust relationship document, replacing `<YOUR_ROLE_NAME>` with the name you want to give the IAM role:
 
     ``` python
     aws iam create-role --role-name <YOUR_ROLE_NAME> --assume-role-policy-document file://trust-relationship-policy.json --description "IAM role for Segment to assume (AWS S3 destination)"