Amazon S3 Guide

This document describes how to create Amazon S3 credentials and access your Foursquare data bucket on Amazon S3

Foursquare shares data with clients via Amazon Web Services Simple Storage Service (AWS S3) by hosting the bucket within its AWS organization account. Clients are given access to partner buckets via Identity Access Management (IAM) users and roles. The users and/or roles are created and owned by the client’s organization or free tier account and are external to Foursquare. Clients are not charged hosting or download fees by Foursquare for accessing data in S3 buckets.

For more information on AWS Free Tier please click here.

For more information on AWS IAM please see this frequently asked questions page.

Client Requirements for Accessing a Foursquare Partner Bucket:

  1. An Amazon Web Services (AWS) account
  2. An Identity Access Management (IAM) user or role configured with AmazonS3ReadOnlyAccess, OR an explicit Access Policy granting ListBucket and GetObject permissions on the Foursquare partner bucket.
  3. An Amazon Resource Name (ARN) for the IAM user or role defined in requirement #2

Once the client has met these three requirements the ARN from requirement #3 can be shared with Foursquare for access configuration on the partner bucket.

For Client Organizations that currently use AWS:

  1. Contact your organization’s Account Administrator and request an IAM user or role for S3 access. If the organization policy requires explicit Access Policy definitions, a Foursquare customer representative can provide the specific bucket information. The custom Access Policy must include ListBucket and GetObject actions on the foursquare bucket. Please note that Foursquare cannot enable access for root accounts, so a user or role IAM must be created.

  2. Request the ARN of the user or role from your Administrator. It will look like this:

      ```arn:aws:iam::123456789012:user/JohnSmith```
    
  3. Share the ARN with your Foursquare customer representative.

  4. Once Foursquare confirms bucket access configuration for the provided ARN, proceed to download the data with AWS Command Line Interface (AWS CLI) or a S3 client software. The Foursquare partner bucket will not be accessible through the AWS S3 Console in a web browser. We recommend S3Browser for Windows. See the last section of this Guide. Be advised that with either method, the authentication to AWS must be made with the user or role that matches the ARN provided.

For Client Organizations that are new to AWS:

This section will guide you through the process of creating the necessary credentials through AWS. In summary, these are the steps that need to be taken:

  1. Login to Amazon Web Services (AWS). If you don’t already have an account, you will have to create one. AWS Free Tier provides sufficient functionality to access Foursquare data.
  2. Within the AWS Console, create an identity in IAM that can access Amazon S3 buckets. This identity will be shared with Foursquare in the form of an Amazon Resource Name (or ARN).
  3. Foursquare will create an Amazon S3 bucket, load it with your data set, and attach your ARN to the S3 bucket.
  4. Using an S3 client or the AWS Command Line Interface (AWS CLI), you will connect to the S3 bucket that Foursquare has configured and download your data set.

Logging in to Amazon Web Services:

To begin, you will need to log into Amazon Web Services (AWS).

  1. Visit the ​Amazon Web Services website​, and click on “Sign In to the Console”.
  2. If you don’t have an AWS account, go through the step-by-step instructions to create your own AWS account.
  3. With your AWS credentials, log into your account and arrive at the Amazon Web Services Console.

Creating an Identity via Amazon Web Services Console

Now that you’ve successfully logged into the Amazon Web Services Console, you will now need to create an identity that has the correct policy attached to access Amazon S3 buckets.

  1. On the Amazon Web Service Console, click on “IAM” under “Security, Identity, & Compliance”.
  2. Click on “Users” in the Left Panel menu, then click “Add Users”. Fill in a user name of your choice, and ensure that “Access Key - programmatic access” is checked. Click “Next: Permissions” to proceed.
  3. On the next screen, in “Set Permissions”, select “Add User to Group”. Then in “Add user to group” click “Create Group”
  4. In the Create Group dialog, add a “Group Name”. In the list of available policies, find “AmazonS3ReadOnlyAccess” and click the checkbox. Then click
    “Create Group”
  5. Back on the User creation page, click on the checkbox next to the Group that was just created. Click on “Next: Tags” to proceed.
  6. Optionally, add Tags for your reference. Click “Next: Review”
  7. After reviewing the User details, permissions and tags, click “Create User” to finalize. On the last page, you can optionally save the Access Key ID and Secret Access Key for later reference. Click “Close” to return to the main IAM console page.
  8. The last step is to share the ARN for the newly created user. In the IAM console page, click on the user to open its Summary page. The first item in the summary is the User ARN. Please copy this and email your Foursquare customer representative. It should look like this:

    arn:aws:iam::123456789012:user/JohnSmith

Connecting to the Foursquare S3 Bucket

In order to access your Foursquare data bucket on Amazon S3, you will have to use a third-party application to connect to the bucket. We recommend using S3 Browser for Windows.
(Please take note that you won’t be able to access the data via the Amazon Web Services console via your browser. This is due to the fact that the bucket was created by us, and will be an external bucket from your point of view.)

  1. Visit the ​S3 Browser website​ and install the client.
  2. Launch S3 Browser and enter your AWS credentials on the “Add New Account” page.
  3. On the menu bar, click on “Buckets”, and then “Add External Bucket”. Enter the Foursquare bucket name here, then finish by clicking “Add External Bucket”.

Did this page help you?