Amazon Web Services Connection¶
The Amazon Web Services connection type enables the AWS Integrations.
Authenticating to AWS¶
Authentication may be performed using any of the boto3 options. Alternatively, one can pass credentials in as a Connection initialisation parameter.
To use IAM instance profile, create an “empty” connection (i.e. one with no Login or Password specified).
Default Connection IDs¶
The default connection ID is aws_default.
Note
Previously, the aws_default connection had the “extras” field set to {"region_name": "us-east-1"} on install. This means that by default the aws_default connection used the us-east-1 region. This is no longer the case and the region needs to be set manually, either in the connection screens in Airflow, or via the AWS_DEFAULT_REGION environment variable.
Configuring the Connection¶
- Login (optional)
Specify the AWS access key ID.
- Password (optional)
Specify the AWS secret access key.
- Extra (optional)
Specify the extra parameters (as json dictionary) that can be used in AWS connection. The following parameters are supported:
aws_account_id: AWS account ID for the connectionaws_iam_role: AWS IAM role for the connectionexternal_id: AWS external ID for the connectionhost: Endpoint URL for the connectionregion_name: AWS region for the connectionrole_arn: AWS role ARN for the connectionaws_session_token: AWS session token if you use external credentials. You are responsible for renewing these.
Example “extras” field:
{ "aws_iam_role": "aws_iam_role_name", "region_name": "ap-southeast-2" }