Cloud settings for AWS #

AWS cross account IAM role usage is more secure than using access keys, and is often the only allowed method to authenticate to data sources.

In Starburst Galaxy, you can use an AWS cross account IAM role to configure access to data in S3 and the metadata in Amazon Glue in your S3 catalogs. This means you can define a cross account IAM role once, and then use it in multiple catalogs.

Use the following steps to configure a cross account IAM role:

  1. Configure a cross account IAM role in your AWS console, and take note of the ARN in the summary section. Alternatively request the ARN from your network administrator.

  2. Navigate to the Account section of the left-side menu in Starburst Galaxy.

  3. Expand the Cloud Settings menu, and select AWS.

  4. In the Cross account IAM roles pane, click Configure IAM role.

      Cloud settings dialog

  5. Provide a Starburst Galaxy-internal name for the IAM role in the Cross account IAM role alias field. This value displays in the list of cross account IAM roles as well as in the selection dialog in the catalog configuration.

  6. Input the ARN in the AWS IAM ARN field.

  7. Click Validate cross account IAM role.

      Configure cross account IAM roles dialog

  8. The new cross account IAM role is now configured in your account.

      success message

  9. Click Close. Your new role is now listed in the Cross account IAM roles list, and ready to use in your S3 catalog.

  Configured cross account IAM roles