Skip to main content

How to use IAM role for Amazon S3 related operations in SSIS

ZappySys Support Team
  • Updated

If you are using ZappySys SSIS Amazon Storage Task to perform various S3 / DynamoDB or Redshift related options then you can use IAM Role option or use default credentials of User profile (Set via AWS Command Line or SDK).

Preparing EC2 VM to assume IAM role

Here is how you can set IAM Role option in ZappySys SSIS Amazon Storage Connection Manager (S3 Storage).

To use IAM Role for S3 your VM must be running as EC2 VM under AWS and it must be set to assume a specific IAM Role (Ask your AWS Admin to adjust this setting in AWS Console).

Once EC2 VM is set with a specific role when SSIS Package is executed it automatically gets a temporary access key behind the scene with specific permission. This is all automatic.

Check this article to learn how to use IAM Roles for SSIS Packages running in EC2 VM Instance (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2.html ) 

 

Here is some more information if you want to use IAM Role in non-EC2 VM (ZappySys doesn't support this method yet because we do not have a feature to choose Profile entry on connection manager - in future, we might add this... stay tuned!!!)  

 

amazon-aws-storage-connection-iam-role-option-ec2-vm-assumed-role.png

 

How AWS Default credential / IAM Role option works?

When you specify default credentials option here is how the system will search for credentials.

 

Credentials are searched in the following order and use the first available set

  1. Access key and secret key values that are stored in the application's App.config or Web.config file. We strongly recommend using profiles rather than storing literal credentials in your project files.

  2. If a profile is specified:

    1. The specified profile in the SDK Store.

    2. The specified profile in the credentials file.

    If no profile is specified:

    1. A profile named default in the SDK Store.
      Default credentials for SDK is stored at below location

      C:\Users\YourUserName\AppData\Local\AWSToolkit\RegisteredAccounts.json

    2. A profile named default in the credentials file.

  3. Credentials stored in the AWS_ACCESS_KEY_ID and AWS_SECRET_KEY environment variables.

  4. For applications running on an Amazon EC2 instance, credentials stored in an instance profile (For assumed IAM Role for EC2 VM - Metadata service may be called to generate Temp credentials).
    Check this article to learn how to use IAM Roles for SSIS Packages running in EC2 VM Instance (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2.html ) 

 

For more information about configuring AWS Credentials Check below link 

 https://docs.aws.amazon.com/sdk-for-net/v3/developer-guide/net-dg-config-creds.html

 

Articles about Amazon S3 related tasks in SSIS

https://zappysys.com/blog/category/ssis/tasks/ssis-amazon-storage-task/

https://zappysys.com/blog/category/ssis/components/ssis-amazon-s3-csv-source/

https://zappysys.com/blog/ssis-delete-amazon-s3-file-folder-bucket/

https://zappysys.com/blog/category/ssis/components/ssis-amazon-dynamodb-source/

 

 

 

 

 

 

Related articles

Comments

0 comments

Please sign in to leave a comment.

Powered by Zendesk