Configure user aws credentials

papam
Level 1
Configure user aws credentials

Hello,

Is it possible to configure aws credentials in the backend of dataiku  and disable the use of this credentials by user . I want to only make it usable by dss only.

 

Example: I have configured credentials in my dataiku backend . This credentials permit to assume other aws roles ( STS with Assume Role) . I want to create S3 connection (STS with Assume Role)  but i need to block usage in python recipe or something else for users so they couldn't assume someone esle identity .

I want to make this credentials only usable by a dataiku connection ( with STS assume role)  , or EMR plugin or EKS.

 

Thanks,

0 Kudos
2 Replies
CoreyS
Dataiker Alumni

Hi, @papam ! Can you provide any further details on the thread to assist users in helping you find a solution (insert examples like DSS version etc.) Also, can you let us know if youโ€™ve tried any fixes already? This should lead to a quicker response from the community.

Looking for more resources to help you use Dataiku effectively and upskill your knowledge? Check out these great resources: Dataiku Academy | Documentation | Knowledge Base

A reply answered your question? Mark as โ€˜Accepted Solutionโ€™ to help others like you!
0 Kudos
AndrewM
Dataiker

Hi papam,

You can restrict the usage of connections in DSS through the use of Groups. You can assign users to a particular group(s) and then give those groups permission to create projects, flows and code. 

Then under Connections you can specify the groups that should have access to the connection:

Screen Shot 2021-01-06 at 1.49.38 PM.png

Only users in these groups will be able to use the connection information to create new data sets from it and write back to it from recipes. Other users will only be able to use the datasets previously created by users that have access to the connection. 

In Python recipes, the connection information won't be visible to users in a non-admin group. For example, running the following code as a user in a group without the 'Administrator' checkbox checked will fail with a permissions error:

client = dataiku.api_client()
dss_connections = client.list_connections()

indicating that only administrator users are allowed to view and modify connections in Python code. 

Thank you.

Andrew M

0 Kudos