AWS for Industries

Power Identity Translation with LiveRamp in Your VPC

With the expansion of data privacy laws and deprecation of consumer identifiers such as third-party cookies, customers across the advertising and marketing industry are investing in first-party data and identity solutions that allow them to connect, control, and activate data quickly and securely. However, challenges like data security, interoperability of identity data between parties, and ecosystem latency have made solutions challenging to implement.

Today at re:Invent 2021 we’re excited to announce the launch of LiveRamp’s Embedded Transcoder in AWS Marketplace. LiveRamp makes it safe and easy for companies to use data effectively. This patent-pending solution empowers brands, technology platforms, data providers, and publishers to deploy LiveRamp identity services into their Amazon Virtual Private Cloud (VPC) and unlock translation services while maintaining control of their data. The solution translates 100% of LiveRamp’s privacy-first, person-based RampID identifiers from one encoding to another without any data drop off, preserving customers’ data from data loss, protecting data quality, ensuring accuracy to power customers’ marketing workflows and use cases. The solution helps customers reduce latency and improve performance throughout all downstream use cases including analytics, direct activation, and measurement while abiding by world-class privacy and security standards.

LiveRamp’s RampIDs are encoded per client, enhancing privacy and security and locking down the client’s identity space to protect their RampID domain. Embedded Transcoder allows for the conversion of RampID from one encoding to RampID in another partner encoding, opening up interoperability between parties and translation of RampIDs in a safe and secure way. Customers looking to power direct activation from their cloud environment can now analyze customer data, build customer segments, and translate to the destination encoding for direct activation on RampID—all from within your Amazon VPC. With conversion taking place inside a VPC, the data never leaves your control, minimizing latency and enhancing security, allowing the full audience segment to be delivered to the destination platform without any drop off.

LiveRamp’s AWS Embedded Transcoder deployment invokes Amazon SageMaker’s network isolation mode on the appliance, protecting your VPC and deployed LiveRamp technology. The system design forces all interactions between the encryption technology and your VPC through a proxy service. This proxy also handles authentication requirements and updates to the appliance. This approach helps customers to bring the full power of LiveRamp identity into their own environments while protecting their own data and enabling LiveRamp to protect its data too. The architecture minimizes risks of re-identification to ensure data is protected and used safely, minimizes data movement, and empowers customers to keep greater control over their data.

LiveRamp Embedded Transcoder

The remainder of this blog post describes how you can deploy Embedded Transcoder in your VPC via AWS Marketplace, and translate partner encodings to achieve interoperability across advertising and marketing partners.


This solution is intended for existing LiveRamp customers with data already resolved to RampID looking for a way to translate to a partner encoded RampID within their own Amazon VPC. The following prerequisites are needed:

  • Access to a public GitHub repository.
  • An AWS Marketplace account and ability to procure through the AWS Marketplace.
  • Access to AWS CloudFormation and the ability to create AWS Identity and Access Management (IAM) roles and resources.
  • Customer data resolved to LiveRamp’s RampID, as this service will transcode from one RampID encoding to another.
  • Multi-party consent is required. Both parties need to launch a LiveRamp permission order for access to be permitted to transcode to a partner RampID encoding. For example, if a data provider wants to activate segments through a direct integration with a DSP, both sides need to agree to that translation, ensuring security of the domains.

Deploying Embedded Transcoder

A typical use case for transcoding is the ability to unlock collaboration use cases by translating an encoded RampID to a partner’s encoding (or vice versa). By leveraging LiveRamp’s Embedded Transcoder offering, you’re able to translate across identity spaces to drive actionable insights. Let’s walk through the deployment process starting in AWS Marketplace, downloading the CloudFormation template, and instantiating the Transcoder appliance.

  1. Subscribe to LiveRamp’s Embedded Transcoder product through the AWS Marketplace.
  2. Run multi-party agreements through LiveRamp for data exchange.
  3. Download the template from the public GitHub repository.
  4. Run the template in AWS CloudFormation.
  5. Run the LiveRamp /init endpoint to initialize the transcoder.
  6. Get a Smart Token from SM Proxy’s /request endpoint. Tokens must be refreshed every 15 minutes by calling the /request endpoint and passing the rpc parameter the value refresh. The system must also be reinitialized every day after 6 AM CST (UTC -6:00).
  7. Use the SageMaker proxy /request endpoint to perform the transcoding; client_id, client_secret, and the rpc parameter set to request as parameters of the call.


The LiveRamp Embedded Transcoder is deployed by running a CloudFormation template in AWS using the /init endpoint, as shown in the following diagram. This template stands up two VPCs: one for the customer, and a second for LiveRamp’s ID-API authentication. To obtain the needed credentials in the form of a Java Web Token (JWT), a call is made to the /auth endpoint. The session token is valid for 15 minutes from the issuance. A third service call is made to the /request endpoint, which passes the token and specifies the data to be processed.

Wrap up

Brands, technology platforms, data providers, and publishers can use LiveRamp Embedded Transcoder for highly secure transcoding between parties, bringing the power of LiveRamp identity into their own environments while protecting their own data. It’s available today on AWS Marketplace. Check out the GitHub file and deployment guide to get started.

Clark Fredricksen

Clark Fredricksen

Clark Fredricksen is Head of Worldwide Marketing for the Advertising and Marketing Industry at Amazon Web Services (AWS). Before joining AWS, Clark spent a decade at research firm eMarketer, where he sat on the company’s executive management team and held leadership roles in marketing, product management, and communications. He is an avid cyclist.

Lisa Cramer

Lisa Cramer

Lisa Cramer is Product Manager, Embedded Products at LiveRamp.

Sunit Randhawa

Sunit Randhawa

Sunit is Principal Solutions Architect at AWS focusing in the Financial Services Industry. He has a strong background in designing and building scalable distributed systems. He enjoys helping customers innovate and transform their business in AWS.