Skip to content

AWS Credentials

Note: This feature is available in Lite, Enterprise, and Ultimate editions only.

DBeaver is integrated with AWS IAM authentication. Thus it provides the possibility to authenticate in AWS to access your cloud databases. To use IAM authentication in DBeaver, in connection configuration AWS RDS IAM should be selected as an authentication method:

image

DBeaver AWS IAM has endless ways to authorize and authenticate users. DBeaver supports all basic ones.

You can select the credentials type by selecting the required credential in Credentials selector:

image

Default credentials

When you use Default Credentials, AWS will then try to determine credentials by using the standard credential providers chain:

  • Java system properties
  • Environment variables
  • Web identity token from AWS STS
  • The shared credentials and config files
  • Amazon ECS container credentials
  • Amazon EC2 instance profile credentials
  • Amazon SSO credentials

Using default credentials is essentially the simplest way to integrate with various SSO providers and web identity providers, as they usually provide credentials through config files.

Please read the AWS credentials documentation for a detailed explanation.

To use Default credentials, enter the username in the User field and select the AWS region.

image

Access keys

It is the most straightforward way to authenticate. You only need to enter the IAM user access key and secret key. You can save them locally or (more securely) enter them every time you connect to a database.

image

As previously mentioned in the Default configuration, you should enter your username and select AWS region. Then, if you checked Save credentials locally, you need to fill in the Access key and Secret key fields. If Save credentials locally is not checked, the dialog asking to fill these fields will be prompted each time you connect to the database:

image

Official AWS instructions: Managing access keys for IAM users

AWS Profiles

Similar to default credentials, but you can also choose which credentials profile you want to use.

image

First, select the available configured profile, information how it can configured can be found below, then as in previous examples fill in User field and select your AWS region.

The official AWS instructions can be found at credentials config files.

Single Sign On

If your AWS account has a configured SSO portal, you can use a web-based SSO authorization. SSO support can be enabled for Default and Profile-based AWS authorization types. You need to turn on the "Enable SSO" option.

image

AWS Secrets Manager

If you have a configured AWS Secret, you can use it to access your database. Secrets can be used for RDS databases and Redshift. Instructions on how to create AWS Secret can be found here. A Password field is required.

To use this functionality tick Use AWS Secrets Manager and fill in the Secret Name field

image

Note

The secret needs to be in the same region as the database.