Reputation: 557
Connect to to AWS Athena using the AWS SSO from dBeaver
I am trying to connect to AWS Athena from the dbeaver. Documentation is saying that I can do that using the AWS SSO https://dbeaver.com/docs/wiki/AWS-SSO.
I went through all options and was not able to find such a configuration. I am using version 21.3.5.
Can anyone help me where do I find such a configuration?
Upvotes: 3
Views: 10353
Answers (6)
Reputation: 400
You have to use aws_access_key_id as username and aws_secret_access_key as password.
Upvotes: 0
Reputation: 41
To connect to AWS Athena with credentials generated through aws configure sso (whose creds are stored in ~/.aws/config) then do the following.
Add below Driver properties
"AWSCredentialsProviderClass"="com.amazonaws.custom.athena.jdbc.CustomIAMRoleAssumptionSAMLCredentialsProvider"
"AWSCredentialsProviderArguments"="<access_key_id>, <secret_access_key>, <session token>"
Reference :
Connecting with Federated Identities
If you already have your access token stored at ~/.aws/credentials then set below driver properties as mentioned by Filippo instead.
"AwsCredentialsProviderArguments"="<name_of_your_aws_profile>"
"AwsCredentialsProviderClass"="com.simba.athena.amazonaws.auth.profile.ProfileCredentialsProvider "
Upvotes: 0
Reputation: 61
For anyone else looking into this, I was able to make a custom JAR driver work for my AWS SSO configuration.
Mentioned here: https://github.com/dbeaver/dbeaver/issues/3918#issuecomment-1207615519 Clone the repository here: https://github.com/neitomic/simba-athena-driver-sso-support
I followed the installation instructions in the JAR repo and it worked like a charm.
I'm on a Windows PC, so relied on my Windows Subsystem for Linux installation to install maven and build the JAR.
Upvotes: 0
Reputation: 81
From the first screen shot, it appears you are using the Community Edition. True SSO is not supported for CE, but you can make it work. Use AWS's SSO awsapps start page and select the account / role you wish to use. Select 'Command line or programmatic access'. Choose option 2) 'Add a profile to your AWS Credentials file' and click to copy the text. Paste this text into your ~/.aws/credentials file. Now copy the first line of the credentials file but leave out the brackets '[]'. Edit the connection in DBeaver. Under driver properties paste the value for 'AwsCredentialsProviderArguments'. Then for 'AwsCredentialsProviderClass' set the value to 'com.simba.athena.amazonaws.auth.profile.ProfileCredentialsProvider'. The output S3 bucket and region should be set to what you need. Leave user and password blank and check 'save password locally'. The connection should work now. Note: this is only a session token and will time out after several hours. Just repeat and update the contents in the credentials file to update the session token. Hope this helps.
Upvotes: 8
Reputation: 8103
EDIT
Please ignore this answer if you are interested on the AWS SSO authentication using Athena with DBeaver. Thanks to @rholdberh I just noticed it.
This answer assumes you have an AWS key/secret pair, not SSO credentials.
Perhaps is that now supported?
I am successfully using the Community version:
EDIT
As requested by @rholdberh in the comments, the Driver properties, where I only added the Workgroup. Nothing else:
Upvotes: 2
Reputation: 123
As far as I understand, you use the Community version. However, AWS SSO is only available in the commercial versions of DBeaver.
Upvotes: 3
Related Questions
- AccessDenied on AWS Athena
- How to explicitly provide AWS credentials for Amazon Athena Service Client object
- Failure querying AWS Athena from DBeaver using IAM profiles / ephemeral credentials
- AWS Athena - Connect from Lambda
- Accessing AWS SSO using the AWS-SDK
- Unable to connect to AWS Athena Workgroup using JDBC connection?
- AWS Athena ODI JDBC connection
- Connect to Athena using SQL workbench
- Trouble connecting to AWS Athena via JDBC using Node Lambda
- Connecting with Athena using Python and pyathenajdbc