17.10 - Temporary Security Tokens - Access Module

Teradata® Tools and Utilities Access Module Reference

Product
Access Module
Release Number
17.10
Published
October 2021
Language
English (United States)
Last Update
2021-11-02
dita:mapPath
uur1608578381725.ditamap
dita:ditavalPath
obe1474387269547.ditaval

Some user accounts are set up so that use of S3 requires the use of a physical or virtual security device to enable the transaction. This is impractical for a batch job, so the Teradata Access Module for S3 supports use of a temporary, time-limited session token consisting of a temporary ID, Secret Key, and Security Token.

Use the AWS CLI with your credentials to obtain the three values:

aws sts get-session-token

This syntax assumes aws_access_key_id and aws_secret_access_key exist in your credentials file.

You will get a temporary AccessKeyId, SecretAccessKey, and SessionToken. These values map to Initialization String parameters as follows:
  • AccessKeyIdS3AccessId
  • SecretAccessKeyS3AccessKey
  • SessionTokenS3SecurityToken
You can also add these parameters and their values to a profile in your credentials file under a profile section with a name like [temp_credentials], and then specify that profile in your TPT script.
  • AccessKeyIdaws_access_key_id
  • SecretAccessKeyaws_secret_access_key
  • SessionTokenaws_session_token

To conceal these parameters, store these values in Teradata Wallet, or specify them on the Initialization String.

If your account requires Multi-Factor Authentication, see Multi-Factor Authentication.