Establish a User to Access Secrets Manager

Applies to: Alation Cloud Service and customer-managed instances of Alation

Use the information in this section if Alation will access AWS Secrets Manager with IAM user credentials, that is, an access key ID and a secret access key.

Step 1: Configure an IAM User

This step is performed in the AWS IAM console.

To configure an IAM user:

  1. In the AWS user interface, open the IAM console (IAM dashboard).

  2. In the left menu, under Access Management, select Users.

  3. Select the user for whom you want to create access keys, or create a dedicated user for Alation. The user must have the secretsmanager:GetSecretValue permission, as in the example policy below:

    {
      "Version": "2012-10-17",
      "Statement": [
        {
           "Sid": "VisualEditor0",
           "Effect": "Allow",
           "Action": "secretsmanager:GetSecretValue",
           "Resource": "*"
        }
      ]
    }
    
  4. Open the Security credentials tab of the user’s page and locate the Access keys section. Click Create access key in this section.

  5. Create an access key ID and a secret access key. See "Managing access keys for IAM users" in the AWS Identity and Access Management documentation for more details.

  6. Save both values for future reference.
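The example policy in step 3 allows secretsmanager:GetSecretValue on every secret in the account ("Resource": "*"). The following added example, which is not part of the Alation documentation, is a Python check that flags such grants and accepts a policy scoped to a secret-name prefix. The region, account ID, the "alation/" prefix and the AlationReadSecrets Sid are constructed placeholders.

```python
from fnmatch import fnmatchcase

ACTION = "secretsmanager:getsecretvalue"

# The example policy from step 3 on this page.
PAGE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "VisualEditor0", "Effect": "Allow",
     "Action": "secretsmanager:GetSecretValue", "Resource": "*"}]}

# Constructed alternative: placeholder region and account ID, hypothetical
# "alation/" secret-name prefix. Not taken from the Alation documentation.
SCOPED_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "AlationReadSecrets", "Effect": "Allow",
     "Action": "secretsmanager:GetSecretValue",
     "Resource": "arn:aws:secretsmanager:us-east-1:111122223333:secret:alation/*"}]}


def _as_list(value):
    """IAM accepts either one string or a list for Action and Resource."""
    return [value] if isinstance(value, str) else list(value or [])


def grants_get_secret(statement):
    """True if an Allow statement covers GetSecretValue, directly or by wildcard."""
    if statement.get("Effect") != "Allow":
        return False
    # IAM action names are case-insensitive and may use * and ? wildcards.
    return any(fnmatchcase(ACTION, a.lower()) for a in _as_list(statement.get("Action")))


def is_account_wide(resource):
    """True unless the resource is a secret ARN that pins at least part of the name."""
    parts = resource.split(":", 6)  # arn:partition:service:region:account:secret:name
    return len(parts) < 7 or parts[5] != "secret" or parts[6].strip("*?") == ""


def overbroad_statements(policy):
    """Sids of statements allowing GetSecretValue without naming specific secrets.

    NotAction, NotResource and Condition elements are not evaluated here.
    """
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a lone statement may appear without a list
        statements = [statements]
    return [s.get("Sid", "<no Sid>") for s in statements if grants_get_secret(s)
            and any(is_account_wide(r) for r in _as_list(s.get("Resource")))]
```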

Step 2: Create an Authentication Profile

This step is performed in Alation.

You’ll need:

To create an authentication profile:

  1. Log in to your Alation instance as a Server Admin.

  2. Click the Admin Settings gear icon in the top right corner to open the Admin Settings page.

  3. Under the Server Admin section, click Authentication to open the Authentication tab.

  4. Locate the section Authentication Configuration Methods for External Systems. Click Add Configuration, and then select AWS Secrets Manager as the method type. The Authentication Configuration Method page will open in a new browser tab.

  5. In Config Name, enter a unique name for the configuration. Save it for future reference when configuring the data source.

  6. Under Region, select the appropriate AWS region for the Secrets Manager service (the region under which your secrets are stored).

  7. Under Authentication Type, select IAM User. The fields AWS Access Key and AWS Secret Key will appear.


    Note: On versions older than 2024.1.1, select the value iam_user. Other values will be statically present on the page.

  8. Under AWS Access Key, enter the AWS access key you created.

  9. Under AWS Secret Key, enter the AWS secret access key associated with your access key.

  10. Click Save. Alation attempts to create a connection, and if the connection is successful, the configuration is saved.

Now, you can use your integration with an OCF connector. See next: Configure Authentication with AWS Secrets Manager in Data Source Settings.