Connect HRIS S3 data to your Teamwork Graph

Amazon Web Services (AWS) S3 is a cloud storage service that enables organizations to securely store and manage large datasets, including HRIS (Human Resources Information System) data. The Atlassian Teamwork Graph HRIS S3 connector allows you to automate the import of HRIS data (such as positions and workers) from CSV files stored in your S3 bucket, making this data available to Atlassian apps like Talent.

What data is imported?

The S3 connector imports and stores these objects:

• 組織

• Positions

• Workers

The metadata and attributes ingested is detailed in the CSV files generated below.

はじめる前に

• You must have permissions to create S3 buckets and IAM policies in your AWS organization.

• You must be an Atlassian Organization admin to configure the connector in Atlassian administration.

• Data from this connector will be used by apps like Talent. To understand permissions and data use, read the the .

• Some fields you need to configure are specific to the app you’re using this connector for, like Talent. You can include custom fields you’ve created in Talent.

• You can add multiple connectors to Teamwork Graph. Note that the Talent app can only have one active connector at a time. If switching from another connector (e.g., Workday), you must stop syncing from the old connector before enabling the S3 connector.

Overview of S3 setup

To connect your HRIS data via S3, you’ll need to:

1. Prepare your CSV files for organizations, positions, and workers.

2. Create an S3 bucket in AWS and upload your CSV files.

3. Gather your S3 file paths.

4. Begin setting up the connector in Atlassian Administration, and collect the connector’s AWS External ID.
   Note: You will need to leave the new connector configuration screen open while you create an AWS IAM role. You will then return to the new connector to complete setup.

5. Set up an IAM role in AWS with appropriate permissions.

6. Gather your S3 access credentials.

7. Complete configuration and install the connector in Atlassian Administration.

This page will guide you through all the steps, which may take up to one hour to configure.

Prepare Your CSV Files

To create your CSV files, you can download the following templates for each object:

• Organizations template CSV file

• Positions template CSV file

• Workers template CSV file

Ensure your files are well-formatted and free of errors. Large datasets (up to 100-150k records) are supported.

Create an S3 bucket and upload files

1. In the Amazon Web Services Console, go to S3 and create a new bucket. Example: atlassian-hris-data

2. Upload your prepared CSV files to the bucket. Example: positions.csv

3. Note the full S3 paths for each file. Example: s3://atlassian-hris-data/positions.csv

Begin connector creation and obtain AWS IAM external ID

To connect to your S3 bucket, AWS requires an External ID associated with your Teamwork Graph connector. You will need to begin creating the HRIS S3 connector in Atlassian Administration to collect this ID.

1. Go to http://admin.atlassian.com.

   1. Select an organization if you have more than one.

2. In the left-hand menu, expand > Apps > Sites

   1. Select the site you want.

3. Select Connected apps from the left-hand menu.

4. In the top-right corner, expand the dropdown to the right of the Explore apps button

5. Select Add Teamwork Graph connector.

6. Choose HRIS S3 Connector.

7. Enter a connector name and S3 bucket file paths for your position, worker, and organization CSV files.

8. At the bottom of the page, select the Copy icon to the right of your External ID. Save this string for use later.

9. Leave the new connector configuration window open; you will return to it after configuring IAM credentials in AWS.

Set up IAM credentials

To allow the HRIS S3 connector to access your HRIS data, you need to create an IAM role in your Amazon Web Services account with the correct trust and permissions policies.

Create a role

1. In the AWS Console, go to IAM and select Roles.

2. Select Create role and choose Custom trust policy for the trusted entity type.

3. Copy the following JSON into a text editor, and replace 12345 with the AWS external ID you saved earlier from Atlassian Administration.

   { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::803654906195:role/hris-s3-connector" }, "Action": "sts:AssumeRole", "Condition": { "StringEquals": { "sts:ExternalId": "12345" <- change this } } } ] }

4. Paste the updated JSON into the Custom trust policy window. This allows Atlassian to assume the role.

5. Select Next through the role creation steps until you see the Name, review, and create step.

6. In Role name, enter any name that begins with “atlassian-hris-s3”, such as atlassian-hris-s3-role. The name must begin with this identifier to be recognized.

7. Complete the role creation steps.

Provide the role permission to read from S3

1. From the roles page, search for the new role.

2. Select the role name to open it.

3. Select the Permissions tab.

4. Select Create inline policy from the Add permissions dropdown.

5. Copy and paste the following policy, replacing [bucket-name] with your S3 bucket name:

   { "Version": "2012-10-17", "Statement": [ { "Sid": "Statement1", "Effect": "Allow", "Action": [ "s3:GetObject", "s3:ListBucket" ], "Resource": "arn:aws:s3:::[bucket-name]/*" } ] }

6. [次へ] を選択します。

7. Name the policy, then select Create policy. You will see a message at the top of the role page that the new policy was created.

8. Copy the role's ARN, which you’ll use to finish configuring the connector in Atlassian Administration.

Complete connector creation in Atlassian Administration

To create the new connector, return to your open connector configuration screen in Atlassian Administration.

1. Enter the AWS role ARN that you created earlier.

2. Select Install to create the connector.

3. Validate the connection. The connector will check S3 access and CSV format.

   • If errors are detected (e.g., authentication, file format), you’ll see detailed error messages in Atlassian Administration.

Once you've added the connector successfully, it may take 24 hours for your data to be available in your Atlassian site.