Configuring the Vertica Library for Amazon Web Services

Configure the Vertica library for Amazon Web Services (AWS) by setting session parameters with your AWS access key credentials and region. You can set your session parameters directly, or you can store your credentials in a table and set them with the AWS_SET_CONFIG function.

Because the AWS library is configured with session parameters, you must reconfigure the library with each new session.

Important: Your AWS access key ID and secret access key are different from your account access credentials. For more information about AWS access keys, visit the AWS documentation.

Use either of the following methods to securely set and store your AWS account credentials:

Note: To increase security, configure session parameters directly to avoid storing credentials within Vertica.

AWS Access Key Requirements

In order to communicate with AWS, your access key must have the following permissions:

For security purposes, Open Text Corporation recommends that you create a separate access key with limited permissions specifically for use with the Vertica Library for AWS.

Configuring Session Parameters Directly

Set the following session parameters for AWS using your own credentials:

Important: Parameter values are case sensitive.

Configuring Session Parameters Using Credentials Stored in a Table

You can place your credentials in a table and secure them with a row-level access policy. You can then call your credentials with the AWS_SET_CONFIG scalar meta-function. This approach allows you to store your credentials on your cluster for future session parameter configuration. You must have dbadmin access to create access policies.

  1. Create a table with rows or columns corresponding with your credentials:
    => CREATE TABLE keychain(accesskey varchar, secretaccesskey varchar);
  2. Store your credentials in the corresponding columns:
    => COPY keychain FROM STDIN;
    Enter data to be copied followed by a newline.
    End with a backslash and a period on a line by itself.
    >> AEXAMPLEI5EXAMPLEYXQ|CCEXAMPLEtFjTEXAMPLEiEXAMPLE6+Yz
    >> \.
    
  3. Set a row-level access policy appropriate to your security situation.
  4. With each new session, configure your session parameters by calling the AWS_SET_CONFIG parameter in a SELECT statement:
    => SELECT AWS_SET_CONFIG('aws_id', accesskey), AWS_SET_CONFIG('aws_secret', secretaccesskey) FROM keychain;
     aws_set_config | aws_set_config
    ----------------+----------------
     aws_id         | aws_secret
    (1 row)
  5. Important: Open Text Corporation recommends that you not use the AWS_SET_CONFIG function to configure your library directly. When you do so, your credentials are recorded in the server log.
  6. After you have configured your session parameters, verify them:
    => SHOW SESSION UDPARAMETER ALL;

Related Topics