|
<< Click to Display Table of Contents >> Raynet One Data Hub > 14.0 > Connectors > Alphabetic Connector List > Amazon Organizations > Connector Parameters Authentication |
This parameter contains the Access Key that is used for the connection to the Session Token Service (STS).
Technical Name |
access_key_id |
Category |
Authentication |
Type |
String |
Default Value |
n/a |
Example Values |
|
How to get the credentials is described in the official documentation. It is recommended to generate credentials tailored to this connector via the IAM Console. The connector uses this credentials to do the first authentication to AWS. It then gets (and automatically renews) the session credentials for the time of the execution.
This parameter contains the Secret Access Key that is used for the connection to the Session Token Service (STS).
Technical Name |
secret_access_key |
Category |
Authentication |
Type |
String |
Default Value |
n/a |
Example Values |
|
How to get the credentials is described in the official documentation. It is recommended to generate credentials tailored to this connector via the IAM Console. The connector uses this credentials to do the first authentication to AWS. It then gets (and automatically renews) the session credentials for the time of the execution.
This parameter contains the Session Token for the connection to the Session Token Service (STS).
Technical Name |
session_token |
Category |
Authentication |
Type |
String null |
Default Value |
null |
Example Values |
null |
How to get the credentials is described in the official documentation. It is recommended to generate credentials tailored to this connector via the IAM Console. The connector uses this credentials to do the first authentication to AWS. It then gets (and automatically renews) the session credentials for the time of the execution.
Use the Session Token Service (STS) to assume the given roles one after another.
Technical Name |
master_assume_role_arn_chain |
Category |
Authentication |
Type |
String |
Default Value |
n/a |
Example Values |
arn:aws:iam::123456789012:role/ROLE_NAME |
The initial credentials might not have the required permissions for the job. One can perform a privilege escalation with the Assume Role request via STS. For more information on the AWS authentication process read the official documentation. Using a list of roles will chain the assumptions together. The connector gets session credentials for the first role with the initial credentials. Then, with the session credentials it assumes the second role and so on. The last session credentials are used for the actual API accesss. When aggregating data of an Organizational Unit, this chain is used only for the master account of the OU.
This parameter can be used in order to provide an external ID for cross-account access with the Session Token Service (STS).
Technical Name |
assume_external_id |
Category |
Authentication |
Type |
String null |
Default Value |
null |
Example Values |
null, 987654321098 |
The External ID is used with ever role assumption of the Assume Role ARN Chain. Read about the AWS authentication mechanism in the official documentation.