New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support AWS default credential provider chain #4021
Comments
- Support AWS environment variables - AWS_DEFAULT_REGION - AWS_ACCESS_KEY_ID - AWS_SECRET_ACCESS_KEY - AWS_SESSION_TOKEN - issue duckdb#4021
- Support AWS environment variables - AWS_DEFAULT_REGION - AWS_ACCESS_KEY_ID - AWS_SECRET_ACCESS_KEY - AWS_SESSION_TOKEN - issue duckdb#4021
This would be super useful for using DuckDB inside of apps running on kubernetes that get their AWS credentials via service accounts. |
Can't overstate how important this is! It's vital that any tool that talks to AWS use the Default Credentials Provider Chain and prefer that over explicit credentials. |
If profile (or instance profile) authentication is used, the profile name also should be able to be set from duckdb or an environment variable. AWS SDK often has such configurations. Here is an example of the Java version of AWS SDK's default credential provider: |
This is now supported in nightly builds and the upcoming release through the AWS extension: https://github.com/duckdblabs/duckdb_aws. I'll close this issue for now, if there are any issues or missing features, feel free to open an issue in the aws extension repo! |
@samansmink Great work! Thanks for creating this extension! |
What happens?
To use S3 (via the HTTPFS extension) requires explicitly setting AWS credentials, eg:
The AWS CLI and SDK has a default credential provider chain that will automatically use environment variables if present, or the EC2 metadata endpoint, etc. This removes the need to explicitly provide credentials to applications.
If would be nice if DuckDB could implement the default credentials provider chain (or at least source credentials from environment variables) so that credentials do not need to be explicitly provided.
To Reproduce
eg: from an EC2 instance try accessing an S3 dataset without explicitly providing credentials:
Environment (please complete the following information):
Identity Disclosure:
If the above is not given and is not obvious from your GitHub profile page, we might close your issue without further review. Please refer to the reasoning behind this rule if you have questions.
Before Submitting
master
branch?pip install duckdb --upgrade --pre
install.packages("https://github.com/duckdb/duckdb/releases/download/master-builds/duckdb_r_src.tar.gz", repos = NULL)
The text was updated successfully, but these errors were encountered: