cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
BookmarkSubscribeRSS Feed
McDiddles
Obsidian | Level 7 McDiddles
Obsidian | Level 7

Hide AWS KEYID and Secret when using Proc S3

Posted 11-12-2020 08:57 AM (906 views)

Greetings, 

 

I a SAS Viya 3.5 environment and need end users to use Proc s3 with key and secret. However I do not want the users to actually see the values of the ID and secret.   whether you use a custom config file or configure the AWS cli. I will  still need to grant users read access to the files. 

this means with a simple filename statement, users will be able to see the credentials to S3 and I don't want that. 

How is I secure these(hide them from end users) credentials and still have proc s3 read and use the files.  

0 Likes
Reply
4 REPLIES 4
SASKiwi
PROC Star SASKiwi
PROC Star

Re: Hide AWS KEYID and Secret when using Proc S3

Posted 11-12-2020 01:55 PM (872 views)  |   In reply to McDiddles

Please post an example of the issue, including the FILENAME and PROC S3 code.

0 Likes
Reply
McDiddles
Obsidian | Level 7 McDiddles
Obsidian | Level 7

Re: Hide AWS KEYID and Secret when using Proc S3

Posted 11-13-2020 04:00 AM (842 views)  |   In reply to SASKiwi

Step 1: configured AWS CLi on host.
which creates the config and credentiala file in /home/username/.aws/
the credential file contains the access KeyId and Secret which I don't want user to see

Step 2: run proc s3 which used those credentials to list a bucket and perform other operations;

Proc s3;
list "bucket-name";
run;

Step 3: This step is what I don't want users to be able to do but I cannot remove read permission on the credentials file;
filename secrets "/home/didie.muyco/.aws/credentials";
proc import datafile=secrets out=credentials dbms=dlm;
run;

The above import exports the credentials into SAS and end users can see it 😞 

McDiddles_0-1605257866621.png

How can I work around this? 

0 Likes
Reply
KS4NCS
Fluorite | Level 6 KS4NCS
Fluorite | Level 6

Re: Hide AWS KEYID and Secret when using Proc S3

Posted 12-02-2020 08:15 AM (723 views)  |   In reply to McDiddles

Hi
Which SAS release are you on?Possible to use IAM Roles?
Seem SAS has implemented it in the newer release.
https://documentation.sas.com/?cdcId=pgmsascdc&cdcVersion=9.4_3.5&docsetId=proc&docsetTarget=n1volod...
As i understand early of this year i still not able to use the IAM Roles.
Hope this help.

0 Likes
Reply
SASKiwi
PROC Star SASKiwi
PROC Star

Re: Hide AWS KEYID and Secret when using Proc S3

Posted 12-02-2020 02:15 PM (713 views)  |   In reply to McDiddles

Have you raised this with SAS Tech Support? You'll get a quicker answer that way.

Reply

suga badge.PNGThe SAS Users Group for Administrators (SUGA) is open to all SAS administrators and architects who install, update, manage or maintain a SAS deployment. 

Join SUGA 

Get Started with SAS Information Catalog in SAS Viya

SAS technical trainer Erin Winters shows you how to explore assets, create new data discovery agents, schedule data discovery agents, and much more.

Watch Get Started with SAS Information Catalog in SAS Viya on YouTube

Find more tutorials on the SAS Users YouTube channel.

Discussion stats
  • 4 replies
  • ‎11-12-2020 08:57 AM
  • 907 views
  • 1 like
  • 3 in conversation