17.10 - Temporary Security Tokens - Access Module

Teradata® Tools and Utilities Access Module Reference

Access Module
Release Number
October 2021
English (United States)
Last Update

Some user accounts are set up so that use of S3 requires the use of a physical or virtual security device to enable the transaction. This is impractical for a batch job, so the Teradata Access Module for S3 supports use of a temporary, time-limited session token consisting of a temporary ID, Secret Key, and Security Token.

Use the AWS CLI with your credentials to obtain the three values:

aws sts get-session-token

This syntax assumes aws_access_key_id and aws_secret_access_key exist in your credentials file.

You will get a temporary AccessKeyId, SecretAccessKey, and SessionToken. These values map to Initialization String parameters as follows:
  • AccessKeyIdS3AccessId
  • SecretAccessKeyS3AccessKey
  • SessionTokenS3SecurityToken
You can also add these parameters and their values to a profile in your credentials file under a profile section with a name like [temp_credentials], and then specify that profile in your TPT script.
  • AccessKeyIdaws_access_key_id
  • SecretAccessKeyaws_secret_access_key
  • SessionTokenaws_session_token

To conceal these parameters, store these values in Teradata Wallet, or specify them on the Initialization String.

If your account requires Multi-Factor Authentication, see Multi-Factor Authentication.