0 Replies Latest reply on Oct 26, 2018 6:50 AM by Travis Edgar

    AWS STS Authentication

    Travis Edgar

      Hey All,

       

      We are trying to determine what the best way to use STS creds with the Tableau server would be?

       

      We are aware of how to customize the JDBC connector specifically using the 'custom credentials provider' interface AFTER you have attained your STS creds. The nature of STS is to allow temporary access which is preferable over simply issuing IAM creds. Our issue with creating IAM accounts/roles for Tableau is that to ensure uninterupted access between Tableau and AW service those IAM creds can't change.

       

      Not managing IAM roles correctly i.e. rotating keys every X days/months goes against AWS best practices as well as benchmarks like CIS Benchmarks For AWS.

       

      STS solves this issue and is why we would love to be able to use it.

       

      We are not working directly with Tableau, we are supporting 'consultants' who do. As such we do not have control where the Tableau server is deployed. This obviously complicates our use case.

       

      Is there any native way to achive this via the Tableua Server GUI?

      Perhaps is there a simple way to create a process that would manage a .properties file for JBDC/ODBC connections with STS creds?

       

      We appreciate any help.