TechQA.

Using R and paws: How to set credentials using profile in config file?

1.7k views Asked by At

I use SSO and a profile as defined in ~/.aws/config (MacOS) to access AWS services, for instance:

aws s3 ls --profile myprofilename

I would like to access AWS services from within R, using the paws() package. In order to do this, I need to set my credentials in the R code. I want to do this through accessing the profile in the ~/.aws/config file (as opposed to listing access keys in the code), but I haven't been able to figure out how to do this.

I looked at the extensive documentation here, but it doesn't seem to cover my use case.

The best I've been able to come up with is:

x = s3(config = list(credentials = list(profile = "myprofilename")))
x$list_objects()

... which throws an error: "Error in f(): No credentials provided", suggesting that the first line of code above does not connect to my profile as stored in ~/.aws/config.

r amazon-web-services credentials profile r-paws
Original Q&A
3

There are 3 answers

0
geotheory On BEST ANSWER

If you have AWS cli credentials set up as a bash profile eg. ~/.aws/config:

[profile myprof]
region=eu-west-2
output=json

.. and credentials eg. ~/.aws/credentials:

[myprof]
aws_access_key_id = XXX
aws_secret_access_key = xxx

.. paws will use these if you add a line to ~/.Renviron:

AWS_PROFILE=myprof
4
Gorka On

An alternative is to generate a user/key with programmatic access to your S3 data. Then, assuming that ~/.aws/env contains the values of the generated key:

AWS_ACCESS_KEY_ID=abc
AWS_SECRET_ACCESS_KEY=123
AWS_REGION=us-east-1

insert the following line at the beginning of your file:

readRenviron("~/.aws/env")
0
GSSwain On

This AWS blog provides details about how to get the temporary credentials for programatic access. If you can get the credentials and set the appropriate environment variables, then the code should work fine without the profile name.

Or You can also try the following if you can get temporary credentials using aws cli

  • Check if you can generate temporary credentials aws sts assume-role --role-arn <value> --role-session-name <some-meaningful-session-name> --profile myprofilename

  • If you can execute the above successfully, then you can use this method to automate the process of generating credentials before your code runs.

  • Put the above command in a bash script get-temp-credentials.sh and generate a JSON containing the temporary credentials as per the documentation.

  • Add a new profile programmatic-access in the ~/.aws/config

[profile programmatic-access]
credential_process = "/path/to/get-temp-credentials.sh"
  • Finally update the code to use the profile name as programmatic-access

Related Questions in R

Related Questions in AMAZON-WEB-SERVICES

Related Questions in CREDENTIALS

Related Questions in PROFILE

Related Questions in R-PAWS

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions