Example: Using AWS Assume Role Authorization with READ_NOS - Teradata Vantage

Teradata® VantageCloud Lake
Deployment
VantageCloud
Edition
Lake
Product
Teradata Vantage
Published
January 2023
Language
English (United States)
Last Update
2024-04-03
dita:mapPath
phg1621910019905.ditamap
dita:ditavalPath
pny1626732985837.ditaval
dita:id
phg1621910019905

Assume Role gives existing AWS IAM users and service accounts temporary access to AWS resources in other accounts.

  1. Create the authorization object or have your administrator create it:
    CREATE AUTHORIZATION S3Invoker_auth
AS INVOKER TRUSTED
USING
AUTHSERVICETYPE 'ASSUME_ROLE'
ROLENAME 'role_name'
EXTERNALID 'external_id';

    Where:

    role_name is the Amazon Resource Name (ARN) of the role to assume. For example: arn:aws:iam::844102931058:role/STSAssumeRole_TestRole.

    external_id is is the external ID which is assuming the role. For example: 3f68bc61-a455-4742-8039-8a03f0600db52.

  2. Use READ_NOS to read data from an S3 CSV bucket. Note, the READ_NOS command is implicit in the following statement:
    SELECT * FROM (
  LOCATION = 'location'
  AUTHORIZATION = S3Invoker_auth) as dt;

    Where location is the bucket location. For example: /s3/s3.amazonaws.com/testuser1-sts-test/csv_default.csv.