Is it possible to configure AWS credentials in the backend of Dataiku and disable the use of these credentials by users? I want to make them usable by DSS only.
Example: I have configured credentials in my Dataiku backend. These credentials permit assuming other AWS roles (STS with Assume Role). I want to create an S3 connection (STS with Assume Role), but I need to block their usage in Python recipes or anything else for users, so they couldn't assume someone else's identity.
I want to make these credentials usable only by a Dataiku connection (with STS Assume Role), or the EMR plugin, or EKS.
To achieve that, use an AWS keypair rather than an instance profile IAM role, and put the keypair in a ~/.aws/credentials file in the home of the user running DSS on the instance.
If your DSS is configured with User Isolation, only the DSS system user will be able to read the credentials; impersonated user workloads won't.
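
A check for the setup described in the answer above, as an added example that is not part of the original thread or of Dataiku's tooling: it verifies that `~/.aws` and `~/.aws/credentials` belong to the DSS system user and grant no group or other access. The function names and the sample invocation in the comments are assumptions.

```shell
#!/bin/sh
# Added example (not Dataiku code): audit who can read the AWS keypair file.
# Usage: audit_aws_creds <home of the DSS system user> <DSS system user>
#   e.g. audit_aws_creds /home/dataiku dataiku   (placeholder path and user)
# Returns 0 when only the owner can reach the file, 1 otherwise.

# Print the group+other permission characters of a path, e.g. "------".
group_other_bits() {
    ls -ld "$1" | cut -c5-10
}

audit_aws_creds() {
    home_dir=$1
    owner=$2
    dir="$home_dir/.aws"
    file="$dir/credentials"
    rc=0

    # A symlink could point at a file with looser permissions elsewhere.
    if [ ! -f "$file" ] || [ -L "$file" ]; then
        echo "FAIL: $file is missing or is not a regular file"
        return 1
    fi

    for path in "$dir" "$file"; do
        # Ownership: the path must belong to the DSS system user.
        if [ -z "$(find "$path" -prune -user "$owner")" ]; then
            echo "FAIL: $path is not owned by $owner"
            rc=1
        fi
        # Mode: any group/other bit lets another local account reach the keypair.
        bits=$(group_other_bits "$path")
        if [ "$bits" != "------" ]; then
            echo "FAIL: $path grants group/other access ($bits)"
            rc=1
        fi
    done

    [ "$rc" -eq 0 ] && echo "OK: only $owner can read $file"
    return "$rc"
}
```
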