Your external object store must be configured to allow Analytics Database access.
When you configure external storage, you set the credentials to your external object store. Those credentials are used in SQL statements by Analytics Database. The supported credentials correspond to the values shown in the following table. These credentials are used for USER and PASSWORD by the CREATE AUTHORIZATION command and for ACCESS_ID and ACCESS_KEY by READ_NOS and WRITE_NOS.
| System/Scheme | USER/ACCESS_ID | PASSWORD/ACCESS_KEY |
|---|---|---|
| AWS | Access Key ID | Access Key Secret |
| Azure / Shared Key | Storage Account Name | Storage Account Key |
| Azure Shared Access Signature (SAS) | Storage Account Name | Account SAS Token |
| Google Cloud (S3 interop mode) | Access Key ID | Access Key Secret |
| Google Cloud (native) | Client Email | Private Key |
| On-premises object storage | Access Key ID | Access Key Secret |
| Public access object storage | empty_string Enclose the empty string in single straight quotation marks: USER '' |
empty_string Enclose the empty string in single straight quotation marks: PASSWORD '' |
The following are alternatives to using an access key or password to secure S3-compatible external object storage. These are included in an authorization object, which is created by the CREATE AUTHORIZATION command:
- Amazon Identity and Access Management (IAM)
- AWS Assume Role used to allow existing AWS IAM users and service accounts temporary access to AWS resources in other accounts. See "Assume Role Authorization" in Teradata Vantage™ - SQL Data Definition Language Syntax and Examples, B035-1144.
To see examples of supported credentials, see Variable Substitutions for Examples.