Merge pull request #2726 from segmentio/develop

Release 22.14.3

Author: forstisabella

Diff for: src/_data/sidenav/main.yml

@@ -192,6 +192,8 @@ sections:
         title: Set Up Data Lakes
       - path: /connections/storage/data-lakes/sync-reports
         title: Sync Reports and Error Reporting
+      - path: /connections/storage/data-lakes/lake-formation
+        title: AWS Lake Formation
       - path: /connections/storage/data-lakes/sync-history
         title: Data Lakes Sync History and Health
       - path: /connections/storage/data-lakes/comparison

Diff for: src/connections/destinations/catalog/actions-talon-one/index.md

@@ -0,0 +1,105 @@
+---
+title: Talon.One (Action) Destination
+hide-boilerplate: true
+hide-dossier: false
+hidden: true
+---
+
+<!-- In the section above, edit the `title` field. For example, Slack (Actions) Destination -->
+
+{% include content/plan-grid.md name="actions" %}
+
+Create flexible and targeted promotional and loyalty campaigns with [Talon.One](https://www.talon.one/){:target="_blank"}.
+Campaigns can be created and managed by non-technical users like marketers. There is no need to
+get your development team involved. Features include coupons, discounts, loyalty
+programs, referral tracking, geofencing, and bundling.
+
+This destination is maintained by Talon.One. For any issues with the destination, [contact the Talon.One Support team](mailto:[email protected]) or refer to [Talon.One's documentation](https://docs.talon.one/docs/dev/technology-partners/segment){:target="_blank"}.
+<!-- In the section below, add your destination name where indicated. If you have a classic version of the destination, ensure that its documentation is linked as well. If you don't have a classic version of the destination, remove the second and third sentences. -->
+
+> success ""
+> **Good to know**: This page is about the [Actions-framework](/docs/connections/destinations/actions/) Talon.One Segment destination. There's also a page about the [non-Actions Talon.One destination](/docs/connections/destinations/catalog/talonone/). Both of these destinations receive data from Segment.
+
+## Benefits of Talon.One (Actions) vs Talon.One Classic
+
+Talon.One (Actions) allows you to share more data than the classic destination.
+The classic version only shares customer profile data. The Action version supports sharing the following data:
+
+- Customer profile data
+- Audience data
+- Tracking events
+
+<!-- The section below explains how to enable and configure the destination. Include any configuration steps not captured below. For example, obtaining an API key from your platform and any configuration steps required to connect to the destination. -->
+
+## Getting started
+
+### Creating an API key in Talon.One
+
+Segment needs a Talon.One-generated API key to be able to send data to your Talon.One Application.  To generate an API key specific to Segment:
+
+1. Open your Talon.One Application in the Campaign Manager and click **Settings > Developer settings**.
+1. Click **Create API Key**.
+1. For **Do you want to use this API Key with a 3rd party service**, select **Yes**.
+1. Select **Segment** from the dropdown.
+1. Select an expiry date and click **Create API Key**.
+1. Copy it for later use.
+
+### Adding a Talon.One destination
+
+To start sending data to Talon.One from Segment, create a Talon.One
+[destination](/docs/connections/destinations/) in Segment.
+
+1. In Segment, click **Destinations** > **Add Destination**. The **Destination catalog** opens.
+1. Search for **Talon.one** and configure the destination.
+1. Enter the details:
+   - In **Name**, type a name, for example `Talon.One destination`.
+   - In **API key**, paste the API key generated in the previous section.
+   - In **Deployment**, type the URI of your Talon.One deployment, for example
+     `https://mycompany.europe-west1.talon.one/`.
+1. (Optional) Set up your filters.
+1. Configure the mapping:
+   1. Click **New Mapping** and select the type of action to perform in Talon.One.
+      For example _When a new audience is created in Segment, also create it in Talon.One._
+   1. Configure the trigger and action fields.
+1. Click **Event Tester** and test if you received the data in Talon.One.
+
+Once you receive data, you can start creating rules that rely on that data.
+
+> warning ""
+> **Important**: You might need to create custom attributes in Talon.One to be able to map the data from Segment in Talon.One. See the [Talon.One docs](https://docs.talon.one/docs/product/account/dev-tools/managing-attributes#creating-custom-attributes){:target="_blank"}.
+
+### Testing the integration
+
+You can use the following payloads to test and fine-tune your requests.
+
+```json
+{
+  "messageId": "segment-test-message-t1kx8e",
+  "timestamp": "2022-03-22T12:41:20.918Z",
+  "type": "track", // or any other type in Segment
+  "userId": "test-user-z65zqk",
+  "event": "track-event", // or any other event in Segment
+  "email": "[email protected]",
+  "projectId": "qR6APLKpCBB3ue8pHkBLpo",
+  "properties": {
+    "eventType": "mySegmentEvent",
+    "type": "boolean",
+    "customerProfileId": "a_customer_id",
+    "attributes": {
+      "language": "English" // depends your custom attributes in Talon.One
+    }
+  }
+}
+```
+
+### Next steps
+
+Once you receive data from Segment inside Talon.One, start creating your rules in the Campaign Manager. See the [Talon.One documentation](https://docs.talon.one/docs/product/rules/overview){:target="_blank"}.
+<!-- The line below renders a table of connection settings (if applicable), Pre-built Mappings, and available actions. -->
+
+{% include components/actions-fields.html %}
+<!-- If applicable, add information regarding the migration from a classic destination to an Actions-based version below -->
+
+## Migration from the classic Talon.One destination
+
+To prevent duplicate events being created in Talon.One, ensure that for each Segment source, this destination and the classic Talon.One destination are not both enabled at the same time.

Diff for: src/connections/destinations/catalog/talonone/index.md

@@ -4,6 +4,10 @@ title: Talon.One Destination
 beta: true
 id: 5de7c705e7d93d5e24742a04
 ---
+
+> warning ""
+> Segment and Talon.One recommend you use the [Talon.One (Action) Destination](/docs/connections/destinations/catalog/slack/) instead.
+
 Create flexible and targeted promotional & loyalty campaigns with [Talon.One](https://Talon.One/?utm_source=segmentio&utm_medium=docs&utm_campaign=partners).
 Campaigns can be created and managed by non-technical users such as marketeers. There is no need to get your development team involved. Features include coupons, discounts, loyalty programs, referral tracking, geo-fencing, and bundling.
 

Diff for: src/connections/storage/catalog/data-lakes/index.md

@@ -5,10 +5,10 @@ redirect_from: '/connections/destinations/catalog/data-lakes/'
 {% include content/plan-grid.md name="data-lakes" %}
 
 
-Segment Data Lakes provide a way to collect large quantities of data in a format that's optimized for targeted data science and data analytics workflows. You can read [more information about Data Lakes](/docs/connections/storage/data-lakes/) and learn [how they differ from Warehouses](/docs/connections/storage/data-lakes/comparison/) in our documentation.
+Segment Data Lakes provide a way to collect large quantities of data in a format that's optimized for targeted data science and data analytics workflows. You can read [more information about Data Lakes](/docs/connections/storage/data-lakes/) and learn [how they differ from Warehouses](/docs/connections/storage/data-lakes/comparison/) in Segment's Data Lakes documentation.
 
-> info ""
-> Segment Data Lakes is available to Business tier customers only.
+> note "Lake Formation"
+> You can also set up your Data Lakes using [Lake Formation](/docs/connections/storage/data-lakes/lake-formation/), a fully managed service built on top of the AWS Glue Data Catalog.
 
 ## Pre-Requisites
 
@@ -20,9 +20,9 @@ Before you set up Segment Data Lakes, you need the following resources:
 
 ## Step 1 - Set Up AWS Resources
 
-You can use the [open source Terraform module](https://github.com/segmentio/terraform-aws-data-lake) to automate much of the set up work to get Data Lakes up and running. If you’re familiar with Terraform, you can modify the module to meet your organization’s needs, however Segment guarantees support only for the template as provided. The Data Lakes set up uses Terraform v0.11+. To support more versions of Terraform, the aws provider must use v2, which is included in our example main.tf.
+You can use the [open source Terraform module](https://github.com/segmentio/terraform-aws-data-lake) to automate much of the set up work to get Data Lakes up and running. If you’re familiar with Terraform, you can modify the module to meet your organization’s needs, however Segment guarantees support only for the template as provided. The Data Lakes set up uses Terraform v0.11+. To support more versions of Terraform, the AWS provider must use v2, which is included in our example main.tf.
 
-You can also use our [manual set up instructions](/docs/connections/storage/data-lakes/data-lakes-manual-setup) to configure these AWS resources if you prefer.
+You can also use Segment's [manual set up instructions](/docs/connections/storage/data-lakes/data-lakes-manual-setup) to configure these AWS resources if you prefer.
 
 The Terraform module and manual set up instructions both provide a base level of permissions to Segment (for example, the correct IAM role to allow Segment to create Glue databases on your behalf). If you want stricter permissions, or other custom configurations, you can customize these manually.
 

Diff for: src/connections/storage/data-lakes/lake-formation.md

@@ -0,0 +1,77 @@
+---
+title: Lake Formation
+---
+
+{% include content/plan-grid.md name="data-lakes" %}
+
+Lake Formation is a fully managed service built on top of the AWS Glue Data Catalog that provides one central set of tools to build and manage a Data Lake. These tools help import, catalog, transform, and deduplicate data, as well as provide strategies to optimize data storage and security.
+
+> note "Learn more about Lake Formation features"
+> To learn more about Lake Formation features, refer to the [Amazon Web Services documentation](https://aws.amazon.com/lake-formation/features/){:target="_blank"}.
+
+The security policies in Lake Formation use two layers of permissions: each resource is protected by Lake Formation permissions (which control access to Data Catalog resources and S3 locations) and IAM permissions (which control access to Lake Formation and AWS Glue API resources). When any user or role reads or writes to a resource, that action must pass a both a Lake Formation and an IAM resource check: for example, a user trying to create a new table in the Data Catalog may have Lake Formation access to the Data Catalog, but if they don't have the correct Glue API permissions, they will be unable to create the table. 
+
+For more information about security practices in Lake Formation, see Amazon's [Lake Formation Permissions Reference](https://docs.aws.amazon.com/lake-formation/latest/dg/lf-permissions-reference.html){:target="_blank"} documentation. 
+
+## Configure Lake Formation
+You can configure Lake Formation using the [`IAMAllowedPrincipals` group](#configure-lake-formation-using-the-iamallowedprincipals-group) or by [using IAM policies for access control](#configure-lake-formation-using-iam-policies). Configuring Lake Formation using the `IAMAllowedPrincipals` group is an easier method, recommended for those exploring Lake Formation. Setting up Lake Formation using IAM policies for access control is a more advanced setup option, recommended for those who want additional customization options. 
+
+> info "Permissions required to configure Data Lakes"
+> To configure Lake Formation, you must be logged in to AWS with data lake administrator or database creator permissions. 
+
+### Configure Lake Formation using the IAMAllowedPrincipals group
+
+#### Existing databases
+1. Open the [AWS Lake Formation service](https://console.aws.amazon.com/lakeformation/){:target="_blank"}.
+2. Under **Data catalog**, select **Settings**. Ensure the checkboxes under the **Default permissions for newly created databases and tables** are not checked. 
+3. Under **Permissions**, select the **Data lake permissions** section. Click **Grant**.
+4. On the **Grant data permissions** page, select the `IAMAllowedPrincipals` group in the Principals section.
+5. In the **Database permissions** section, select the checkboxes for **Super** database permissions and **Super** grantable permissions.
+6. Click **Grant**. 
+7. On the **Permissions** page, verify the `IAMAllowedPrincipals` group has "All" permissions.
+
+#### New databases
+1. Open the [AWS Lake Formation service](https://console.aws.amazon.com/lakeformation/){:target="_blank"}.
+2. Under **Data catalog**, select **Settings**. Ensure the checkboxes under **Default permissions for newly created databases and tables** are not checked. 
+3. Select the Databases tab and click **Create database**. On the **Create database** page:
+    1. Select the **Database** button.
+    2. Name your database. 
+    3. Set the location to `s3://$datalake_bucket/segment-data/`. <br/> **Optional:** Add a description to your database.
+    4. Select the `Use only IAM access control for new tables in this database`.
+    5. Click **Create database**.
+4. On the **Databases** page, select your database. From the **Actions** menu, select **Grant**. 
+5. On the **Grant data permissions** page, select the `IAMAllowedPrincipals` group in the Principals section.
+6. In the **Database permissions** section, select the checkboxes for **Super** database permissions and **Super** grantable permissions.
+7. Click **Grant**. 
+8. On the **Permissions** page, verify the `IAMAllowedPrincipals` group has "All" permissions.
+
+#### Verify your configuration
+To verify that you've configured Lake Formation, open the [AWS Lake Formation service](https://console.aws.amazon.com/lakeformation/){:target="_blank"}, select **Data lake permissions**, and verify the `IAMAllowedPrincipals` group is listed with "All" permissions.
+
+### Configure Lake Formation using IAM policies
+
+> note "Granting Super permission to IAM roles"
+> If you manually configured your database, assign the `EMR_EC2_DefaultRole` Super permissions in step 8. If you configured your database using Terraform, assign the `segment_emr_instance_profile` Super permissions in step 8. 
+
+#### Existing databases
+1. Open the [AWS Lake Formation service](https://console.aws.amazon.com/lakeformation/){:target="_blank"}.
+2. Under **Data catalog**, select **Settings**. Ensure the checkboxes under the **Default permissions for newly created databases and tables** are not checked.
+3. On the **Databases** page, select your database. From the **Actions** menu, select **Grant**. 
+5. On the **Grant data permissions** page, select the `EMR_EC2_DefaultRole` (or `segment_emr_instance_profile`, if you configured your data lake using Terraform) and `segment-data-lake-iam-role` roles in the Principals section.
+6. In the **Database permissions** section, select the checkboxes for **Super** database permissions and **Super** grantable permissions.
+7. Click **Grant**. 
+8. On the **Permissions** page, verify the `EMR_EC2_DefaultRole` (or `segment_emr_instance_profile`) and `segment-data-lake-iam-role` roles have "All" permissions.
+
+#### New databases
+1. Open the [AWS Lake Formation service](https://console.aws.amazon.com/lakeformation/){:target="_blank"}.
+2. Under **Data catalog**, select **Settings**. Ensure the checkboxes under the **Default permissions for newly created databases and tables** are not checked.
+3. Select the Databases tab and click **Create database**. On the **Create database** page:
+    1. Select the **Database** button.
+    2. Name your database. 
+    3. Set the location to `s3://$datalake_bucket/segment-data/`. <br/> **Optional:** Add a description to your database.
+    4. Click **Create database**.
+4. On the **Databases** page, select your database. From the **Actions** menu, select **Grant**. 
+5. On the **Grant data permissions** page, select the `EMR_EC2_DefaultRole` (or `segment_emr_instance_profile`, if you configured your data lake using Terraform) and `segment-data-lake-iam-role` roles in the Principals section.
+6. In the **Database permissions** section, select the checkboxes for **Super** database permissions and **Super** grantable permissions.
+7. Click **Grant**. 
+8. On the **Permissions** page, verify the `EMR_EC2_DefaultRole` (or `segment_emr_instance_profile`) and `segment-data-lake-iam-role` roles have "All" permissions.