BookmarkSubscribeRSS Feed
McDiddles
Obsidian | Level 7

Greetings, 

 

I a SAS Viya 3.5 environment and need end users to use Proc s3 with key and secret. However I do not want the users to actually see the values of the ID and secret.   whether you use a custom config file or configure the AWS cli. I will  still need to grant users read access to the files. 

this means with a simple filename statement, users will be able to see the credentials to S3 and I don't want that. 

How is I secure these(hide them from end users) credentials and still have proc s3 read and use the files.  

4 REPLIES 4
SASKiwi
PROC Star

Please post an example of the issue, including the FILENAME and PROC S3 code.

McDiddles
Obsidian | Level 7

Step 1: configured AWS CLi on host.
which creates the config and credentiala file in /home/username/.aws/
the credential file contains the access KeyId and Secret which I don't want user to see

Step 2: run proc s3 which used those credentials to list a bucket and perform other operations;

Proc s3;
list "bucket-name";
run;

Step 3: This step is what I don't want users to be able to do but I cannot remove read permission on the credentials file;
filename secrets "/home/didie.muyco/.aws/credentials";
proc import datafile=secrets out=credentials dbms=dlm;
run;

The above import exports the credentials into SAS and end users can see it 😞 

McDiddles_0-1605257866621.png

How can I work around this? 

KS4NCS
Fluorite | Level 6

Hi
Which SAS release are you on?Possible to use IAM Roles?
Seem SAS has implemented it in the newer release.
https://documentation.sas.com/?cdcId=pgmsascdc&cdcVersion=9.4_3.5&docsetId=proc&docsetTarget=n1volod...
As i understand early of this year i still not able to use the IAM Roles.
Hope this help.

SASKiwi
PROC Star

Have you raised this with SAS Tech Support? You'll get a quicker answer that way.

suga badge.PNGThe SAS Users Group for Administrators (SUGA) is open to all SAS administrators and architects who install, update, manage or maintain a SAS deployment. 

Join SUGA 

Get Started with SAS Information Catalog in SAS Viya

SAS technical trainer Erin Winters shows you how to explore assets, create new data discovery agents, schedule data discovery agents, and much more.

Find more tutorials on the SAS Users YouTube channel.

Discussion stats
  • 4 replies
  • 1232 views
  • 1 like
  • 3 in conversation