Assume Role gives existing AWS IAM users and service accounts temporary access to AWS resources in other accounts.
- Create the authorization object or have your administrator create it:
CREATE AUTHORIZATION S3Invoker_auth AS INVOKER TRUSTED USING AUTHSERVICETYPE 'ASSUME_ROLE' ROLENAME 'role_name' EXTERNALID 'external_id';
Where:
role_name is the Amazon Resource Name (ARN) of the role to assume. For example: arn:aws:iam::844102931058:role/STSAssumeRole_TestRole.
external_id is is the external ID which is assuming the role. For example: 3f68bc61-a455-4742-8039-8a03f0600db52.
- Use READ_NOS to read data from an S3 CSV bucket. Note, the READ_NOS command is implicit in the following statement:
SELECT * FROM ( LOCATION = 'location' AUTHORIZATION = S3Invoker_auth) as dt;
Where location is the bucket location. For example: /s3/s3.amazonaws.com/testuser1-sts-test/csv_default.csv.