AWS
Configure AWS credentials for database connections using static keys or AWS profiles with SSO support.
AWS authentication profiles provide flexible credential management for AWS-based database services like Athena, Redshift, and DynamoDB. DBCode supports both static credentials and AWS profile-based authentication, including full SSO support.
Credential Sources
| Source | Use Case | Configuration |
|---|---|---|
| Static Credentials | Direct access key authentication | Access Key ID + Secret Access Key |
| AWS Profile | Profile-based authentication including SSO | Profile name from ~/.aws/config |
Static Credentials
Use static credentials when you have long-term IAM access keys:
Required fields:
- Access Key ID: Your AWS access key (starts with
AKIA...) - Secret Access Key: Your AWS secret key
Optional fields:
- Session Token: Required for temporary credentials from STS AssumeRole
- Default Region: AWS region (e.g.,
us-east-1)
Best for:
- Service accounts with IAM users
- Development environments with dedicated access keys
- Situations where SSO is not available
AWS Profile
Use AWS profiles to leverage your existing AWS CLI configuration, including SSO profiles:
Required fields:
- Profile Name: Profile from
~/.aws/configor~/.aws/credentials
Optional fields:
- Default Region: Overrides the region from your profile configuration
Supported profile types:
- Standard profiles with static credentials
- SSO profiles configured with
aws configure sso - Assume role profiles
- Credential process profiles
SSO Authentication
When using an SSO profile, DBCode automatically handles session management:
- Initial connection: If your SSO session is valid, DBCode uses your cached credentials
- Expired session: DBCode prompts you to log in with a single click
- Automatic login: Clicking “Log In” runs
aws sso login --profile <name>and opens your browser - Credential polling: DBCode waits for you to complete authentication, then continues connecting
Setting Up SSO Profiles
If you haven’t configured an SSO profile yet:
# Configure a new SSO profileaws configure sso --profile my-sso-profile
# Or manually add to ~/.aws/config:[profile my-sso-profile]sso_start_url = https://my-company.awsapps.com/startsso_region = us-east-1sso_account_id = 123456789012sso_role_name = MyRoleregion = us-west-2Supported Databases
The following databases support AWS authentication profiles:
- Athena - Query data in S3 using SQL
- Redshift - Data warehouse
- DynamoDB - NoSQL database
Troubleshooting
”SSO session expired for profile”
Cause: Your AWS SSO session has expired or you haven’t logged in yet.
Solution: Click “Log In” when prompted. DBCode will run aws sso login --profile <name> and open your browser for authentication.
”No AWS profiles found”
Cause: No profiles configured in ~/.aws/config or ~/.aws/credentials.
Solutions:
- Configure a profile using
aws configureoraws configure sso - Verify your AWS config files exist and have valid syntax
”Timed out waiting for SSO login”
Cause: SSO authentication wasn’t completed within 2 minutes.
Solutions:
- Try connecting again and complete the browser authentication promptly
- Check that your SSO portal is accessible
- Verify your SSO profile configuration is correct
”Failed to resolve AWS credentials for profile”
Cause: Profile configuration issue or missing dependencies.
Solutions:
- Verify the profile exists in your AWS config
- For assume role profiles, ensure the source credentials are valid
- Check AWS CLI is installed and configured correctly