Announcing the winners & finalists of the Dataiku Frontrunner Awards 2021! Read their inspiring stories

Configure AWS credentials

papam
Level 1
Configure AWS credentials

Hello,

Is it possible to configure aws credentials in the backend of dataiku  and disable the use of this credentials by user . I want to only make it usable by dss only.

 

Example: I have configured credentials in my dataiku backend . This credentials permit to assume other aws roles ( STS with Assume Role) . I want to create S3 connection (STS with Assume Role)  but i need to block usage in python recipe or something else for users so they couldn't assume someone esle identity .

I want to make this credentials only usable by a dataiku connection ( with STS assume role)  , or EMR plugin or EKS.

 

Thanks,

0 Kudos
2 Replies
Clément_Stenac
Dataiker
Dataiker

Hi,

To achieve that, use an AWS keypair rather than an instance profile IAM role, and put the keypair in a ~/.aws/credentials file in the home of the user running DSS on the instance.

If your DSS is configured with User Isolation, only the DSS system user will be able to read the credentials, impersonated user workloads won't.

papam
Level 1
Author

Hi,

Thank you for your answer ! 

I will try it.

 

 

0 Kudos
A banner prompting to get Dataiku DSS