AWS SSO
Table of contents
Note: This feature is available in Lite, Enterprise, Ultimate and Team editions only.
Overview
AWS Single Sign-On is a cloud-based single sign-on (SSO) service that makes it easy to centrally manage SSO access to AWS resources.
You do not need to specify any user credentials explicitly in DBeaver connections configuration. All authorization is performed in a web browser in a 3rd party SSO provider, e.g. Google workspace, Microsoft AD portal, Facebook, etc.
Tip: DBeaver also supports AWS Systems Manager (SSM) for accessing databases. For detailed instructions on setting up AWS SSM, refer to the AWS SSM setup guide.
AWS CLI
You need to install AWS CLI (Command Line Interface) utilities to enable SSO authorization.
AWS CLI installation
AWS CLI version 2.2 is recommended.
AWS SSO configuration
If you are in a corporate environment where all AWS configurations are provided by system administrators then you do not need to configure SSO parameters.
Otherwise, you need to open the command shell (win+R), enter aws configure sso
, press enter, and provide the required parameters.
Read configuration instructions for the details.
Restart DBeaver after the AWS CLI SSO configuration will be finished.
Connection configuration
In the DBeaver database connection dialog you need to:
- Set Authentication to
AWS IAM
. - Set Credentials to
AWS Profile
. - Choose the profile which was configured with AWS SSO (see the previous chapter).
- Click on the
Enable SSO
check.
Now you can connect. DBeaver will open a web browser with SSO authorization.