Skip to main content

Getting Started

Step 1: Create Your Bucket

Create a storage bucket in your cloud provider (Google Cloud Storage). Share the following with Aampe:
  • Bucket name
  • Region/location

Step 2: Grant Access

The Aampe team will provide you with a service account email or identifier. Grant this account read access to your bucket.

Google Cloud Storage - Service Account Access

Option 1: Command Line 
gsutil iam ch serviceAccount:<aampe_service_account>:roles/storage.objectViewer gs://<your_bucket_name>
Option 2: IAM Policy JSON 
{
  "bindings": [
    {
      "role": "roles/storage.objectViewer",
      "members": [
        "serviceAccount:<aampe_service_account_email>"
      ]
    },
    {
      "role": "roles/storage.legacyBucketReader",
      "members": [
        "serviceAccount:<aampe_service_account_email>"
      ]
    }
  ]
}
Option 3: Console
  1. Go to your bucket in GCS Console
  2. Click “Permissions” → “Grant Access”
  3. Add the Aampe service account with “Storage Object Viewer” role

Google Cloud Storage - Workload Identity Federation (Enhanced Security)

For organizations requiring Workload Identity Federation, Aampe will provide a subject identifier.
  1. Create a custom IAM role with these permissions:
    • storage.buckets.get
    • storage.objects.get
    • storage.objects.list
  2. Set up Workload Identity Federation:
# Create a Workload Identity Pool
gcloud iam workload-identity-pools create aampe-pool \
    --location="global" \
    --display-name="Aampe Integration Pool"

# Create a Workload Identity Provider
gcloud iam workload-identity-pools providers create-oidc aampe-provider \
    --location="global" \
    --workload-identity-pool="aampe-pool" \
    --issuer-uri="https://accounts.google.com" \
    --allowed-audiences="<audience_provided_by_aampe>" \
    --attribute-mapping="google.subject=assertion.sub"

# Grant access to the bucket
gcloud storage buckets add-iam-policy-binding gs://<your_bucket_name> \
    --member="principal://iam.googleapis.com/projects/<project_number>/locations/global/workloadIdentityPools/aampe-pool/subject/<aampe_subject_identifier>" \
    --role="<your_custom_role>"

Step 3: Upload Your Data

Upload event data daily in one of these formats:
  • JSON or Newline Delimited JSON (ndJSON) - Preferred
  • CSV
  • Parquet
Use this file naming pattern:
  • Daily: events_YYYYMMDD.json (e.g., events_20240115.json)
  • With partitions: /year=2024/month=01/day=15/events_20240115.json

Data Format

Your event data should include these required fields (see Data Models for the full schema):

Congrats. The Aampe team will confirm that we’re successfully receiving your data.