Configure AWS credentials

papam
papam Registered Posts: 5 ✭✭✭
in Using Dataiku

Hello,

Is it possible to configure aws credentials in the backend of dataiku and disable the use of this credentials by user . I want to only make it usable by dss only.

Example: I have configured credentials in my dataiku backend . This credentials permit to assume other aws roles ( STS with Assume Role) . I want to create S3 connection (STS with Assume Role) but i need to block usage in python recipe or something else for users so they couldn't assume someone esle identity .

I want to make this credentials only usable by a dataiku connection ( with STS assume role) , or EMR plugin or EKS.

Thanks,

· Share on FacebookShare on Twitter

Answers

  • Clément_Stenac
    Clément_Stenac Dataiker, Dataiku DSS Core Designer, Registered Posts: 753 Dataiker

    Hi,

    To achieve that, use an AWS keypair rather than an instance profile IAM role, and put the keypair in a ~/.aws/credentials file in the home of the user running DSS on the instance.

    If your DSS is configured with User Isolation, only the DSS system user will be able to read the credentials, impersonated user workloads won't.

    · Share on FacebookShare on Twitter
  • papam
    papam Registered Posts: 5 ✭✭✭

    Hi,

    Thank you for your answer !

    I will try it.

    · Share on FacebookShare on Twitter
Bookmark this topic

Categories

Setup Info
    Tags
      Help me…