Configure Authentication with AWS Secrets Manager in Data Source Settings

Applies to: Alation Cloud Service instances and customer-managed instances of Alation

Use the steps in this section to configure your data source to read the service account credentials from AWS Secrets Manager. To configure the settings of a data source, you need either the Data Source Admin level of access to that data source or the Server Admin role.

To configure authentication with AWS Secrets Manager on a data source:

  1. Log in to Alation and go to the settings page of the OCF data source for which you’re setting up authentication with AWS Secrets Manager.

  2. Open the General Settings tab of the settings page and click the vault option for each setting you want to configure using AWS Secrets Manager.

  3. Click Select a Configuration and select the appropriate AWS Secrets Manager authentication profile.

  4. Enter the Amazon Resource Name (ARN) of the secret that stores the desired setting. If the setting is stored as JSON key-value pairs, add a colon and the appropriate key. For example, if the secret behind the following ARN contains both username and password, the username can be extracted by appending `:username` to the ARN:

    arn:aws:secretsmanager:us-east-1:123456789012:secret:uat-secrets-xxxxxx:username
    
  5. Repeat as needed for additional settings.

  6. Click Save. Alation uses these identifiers to look up the actual username and password stored in AWS Secrets Manager.

Now, when a Data Source Admin performs metadata extraction (MDE), query log ingestion (QLI), sampling, or profiling, Alation reads the appropriate credentials from AWS Secrets Manager.
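To check a value in the `ARN:key` form from step 4 before saving it, the following added example (not Alation's code) splits the reference into the secret ARN and the JSON key and confirms that the key resolves against the secret's contents. It assumes the key is everything after the seventh colon-separated ARN field; `split_reference`, `resolve`, and the sample secret are hypothetical names and constructed data.

```python
import json

ARN_FIELDS = 7  # arn:partition:secretsmanager:region:account:secret:name-suffix

# Constructed sample data, not real credentials. In practice the string comes from
# boto3.client("secretsmanager").get_secret_value(SecretId=arn)["SecretString"].
SAMPLE_SECRET = '{"username": "svc_alation", "password": "constructed-not-real"}'
REF_USER = "arn:aws:secretsmanager:us-east-1:123456789012:secret:uat-secrets-xxxxxx:username"


def split_reference(ref):
    """Split 'ARN' or 'ARN:key' into (secret_arn, key or None)."""
    parts = ref.strip().split(":")
    if (len(parts) < ARN_FIELDS or parts[0] != "arn"
            or parts[2] != "secretsmanager" or parts[5] != "secret"
            or not all(parts[1:ARN_FIELDS])):
        raise ValueError("not a Secrets Manager secret ARN")
    arn = ":".join(parts[:ARN_FIELDS])
    if len(parts) == ARN_FIELDS:
        return arn, None
    # Secret names cannot contain ':', so the rest is the JSON key (assumed parsing).
    key = ":".join(parts[ARN_FIELDS:])
    if not key:
        raise ValueError("trailing ':' with no key")
    return arn, key


def resolve(ref, secret_string):
    """Return the value the reference selects; errors never echo secret contents."""
    _, key = split_reference(ref)
    if key is None:
        return secret_string  # plain-text secret: the whole string is the setting
    try:
        data = json.loads(secret_string)
    except ValueError:
        raise ValueError("key %r given but the secret is not JSON" % key) from None
    if not isinstance(data, dict) or key not in data:
        raise KeyError("key %r not present in the secret" % key)
    return data[key]


if __name__ == "__main__":
    arn, key = split_reference(REF_USER)
    print(arn, "->", key)
    print(resolve(REF_USER, SAMPLE_SECRET))
```

A misspelled key or a trailing colon fails here with an error that names only the key, so the check can run in a shared terminal or CI log without exposing the secret value.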