DBeaver Documentation



Note: This feature is available in Lite, Enterprise, Ultimate and Team editions only.

AWS Single Sign-On is a cloud-based single sign-on (SSO) service that makes it easy to centrally manage SSO access to AWS resources.
You do not need to specify any user credentials explicitly in DBeaver connections configuration. All authorization is performed in a web browser in a 3rd party SSO provider, e.g. Google workspace, Microsoft AD portal, Facebook, etc.

Tip: DBeaver also supports AWS Systems Manager (SSM) for accessing databases. For detailed instructions on setting up AWS SSM, refer to the AWS SSM setup guide.


You need to install AWS CLI (Command Line Interface) utilities to enable SSO authorization.
AWS CLI installation

AWS CLI version 2.2 is recommended.

AWS SSO configuration

If you are in a corporate environment where all AWS configurations are provided by system administrators then you do not need to configure SSO parameters. Otherwise, you need to open the command shell (win+R), enter aws configure sso, press enter, and provide the required parameters. Read configuration instructions for the details.

Restart DBeaver after the AWS CLI SSO configuration will be finished.

Connection configuration

In the DBeaver database connection dialog you need to:

  • Set Authentication to AWS IAM.
  • Set Credentials to AWS Profile.
  • Choose the profile which was configured with AWS SSO (see the previous chapter).
  • Click on the Enable SSO check.

Now you can connect. DBeaver will open a web browser with SSO authorization.