Role-Based AWS Credentials
This guide shows you how to configure IAM roles to manage your credentials at Upsolver.
Last updated
This guide shows you how to configure IAM roles to manage your credentials at Upsolver.
Last updated
Upsolver connections store access credentials such as IAM roles, access and secret keys, and connection strings. Connection objects are managed by administrators and referenced by users when creating data processing jobs. Connections are a simple and secure way to authenticate access to resources without the need to pass around sensitive credentials.
The bird's-eye view of the authentication scheme is using IAM roles, linked to your intended policy, with a trust relationship that contains an external id. Then, using that role and external id you can create Upsolver connections. If you would like to expand on IAM roles, you can find the AWS documentation .
The steps to manage credentials in Upsolver using AWS roles are:
Create an IAM policy with required permissions
Create an IAM role
The connection you create in Upsolver allows you to manage the credentials needed to list, read, write, and delete objects. It is up to you to determine which specific permissions you need when developing your Upsolver jobs.
The following instructions describe how to create an IAM policy and add the necessary permissions to allow Upsolver to access your data.
Log into the AWS Management Console.
On the dashboard, search for IAM and select Identity & Access Management (IAM):
Choose Account Settings from the menu on the left-hand side.
Expand the Security Token Service Regions list, find the AWS region corresponding to the region where your account resides, and choose Activate if it is Inactive.
Choose Policies from the menu on the left-hand side, and click Create Policy.
Click the JSON tab:
Click Review Policy.
Enter the name and description of the policy and click Create Policy.
In the AWS IAM Console, create an IAM role that grants access to the data.
From the IAM Console, select Roles from the menu on the left-hand side.
Click Create Role.
Select Custom trust policy as the Trusted Identity Type.
From Upsolver's Security Information page, you can copy the trusted entity that Upsolver assigned to your organization and paste it here:
Here is a trusted entity example:
You have now updated the IAM role trust policy to allow a specific Upsolver role to assume and use these permissions to access data in your AWS account.
Click Next.
Click Next.
Enter the name and description of the role and click Create role.
You’ve now created an IAM role that allows Upsolver to access your data.
Note down the Role ARN by selecting your role from the role summary page.
For example, creating an Amazon S3 connection:
Add the policy statement that allows Upsolver to access your data. You can find an Amazon S3 example .
Locate the policy you created in and add it to the role.
Now you are able to create an Upsolver connection using the role you created in and the external id generated by Upsolver in the trusted entity JSON.