If you are using ZappySys SSIS Amazon Storage Task to perform various S3 / DynamoDB or Redshift related options then you can use IAM Role option or use default credentials of User profile (Set via AWS Command Line or SDK).
Preparing EC2 VM to assume IAM role
Here is how you can set IAM Role option in ZappySys SSIS Amazon Storage Connection Manager (S3 Storage).
To use IAM Role for S3 your VM must be running as EC2 VM under AWS and it must be set to assume a specific IAM Role (Ask your AWS Admin to adjust this setting in AWS Console).
Once EC2 VM is set with a specific role when SSIS Package is executed it automatically gets a temporary access key behind the scene with specific permission. This is all automatic.
Check this article to learn how to use IAM Roles for SSIS Packages running in EC2 VM Instance (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2.html )
Here is some more information if you want to use IAM Role in non-EC2 VM (ZappySys doesn't support this method yet because we do not have a feature to choose Profile entry on connection manager - in future, we might add this... stay tuned!!!)
How AWS Default credential / IAM Role option works?
When you specify default credentials option here is how the system will search for credentials.
Credentials are searched in the following order and use the first available set
-
Access key and secret key values that are stored in the application's
App.config
orWeb.config
file. We strongly recommend using profiles rather than storing literal credentials in your project files. -
If a profile is specified:
-
The specified profile in the SDK Store.
-
The specified profile in the credentials file.
If no profile is specified:
-
A profile named
default
in the SDK Store.
Default credentials for SDK is stored at below location
C:\Users\YourUserName\AppData\Local\AWSToolkit\RegisteredAccounts.json -
A profile named
default
in the credentials file.
-
-
Credentials stored in the
AWS_ACCESS_KEY_ID
andAWS_SECRET_KEY
environment variables. -
For applications running on an Amazon EC2 instance, credentials stored in an instance profile (For assumed IAM Role for EC2 VM - Metadata service may be called to generate Temp credentials).
Check this article to learn how to use IAM Roles for SSIS Packages running in EC2 VM Instance (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2.html )
For more information about configuring AWS Credentials Check below link
https://docs.aws.amazon.com/sdk-for-net/v3/developer-guide/net-dg-config-creds.html
Articles about Amazon S3 related tasks in SSIS
https://zappysys.com/blog/category/ssis/tasks/ssis-amazon-storage-task/
https://zappysys.com/blog/category/ssis/components/ssis-amazon-s3-csv-source/
https://zappysys.com/blog/ssis-delete-amazon-s3-file-folder-bucket/
https://zappysys.com/blog/category/ssis/components/ssis-amazon-dynamodb-source/
Comments
0 comments
Please sign in to leave a comment.