CREATE CREDENTIALS
Create credentials for accessing AWS and Google Cloud resources.
Syntax
CREATE CREDENTIALS <credential-name>
PROVIDER <provider>
OPTIONS (<provider-options>);
| Field | Description |
|---|---|
credential-name | Name for the credentials. |
provider | Cloud provider these credentials are for. Values: [aws, gcp] |
provider-options | Provider specific options. See below. |
AWS credentials
AWS credentials allow GlareDB to read and write objects in S3.
Creating AWS credentials requires access_key_id and secret_access_key. These correspond to an IAM user with permissions for accessing objects in S3.
CREATE CREDENTIALS my_aws_creds
PROVIDER aws
OPTIONS (
access_key_id = 'my_access_key_id',
secret_access_key = 'my_secret_access_key',
);
After creating the credentials, they can be used to access objects in S3:
SELECT * FROM parquet_scan(
's3://my_bucket/data/*.parquet',
my_aws_creds,
region => 'us-east-1'
);
As another example, the credentials can be used to write output of a query to S3:
COPY ( SELECT 5 AS a, 6 AS b )
TO 's3://my_bucket/data/output.parquet'
CREDENTIALS my_aws_creds ( region 'us-east-1' );
These examples require specifying region. GlareDB requires a region when connecting to an S3 resource. Use the AWS region of the bucket.
GCP credentials
GCP credentials allow GlareDB to read and write objects in GCS.
The service_account_key option is required when creating GCP credentials. service_account_key is a JSON-encoded key for a service account. Only buckets that this service account has read permissions for can be queryed.
CREATE CREDENTIALS my_gcp_creds
PROVIDER gcp
OPTIONS (
service_account_key = 'my_gcp_service_account_key',
);
After creating the credentials, they can be used to access objects in GCS:
SELECT * FROM parquet_scan(
'gs://my_bucket/data/*.parquet',
my_gcp_creds
);
As another example, the credentials can be used to write output of a query to GCS:
COPY ( SELECT 5 AS a, 6 AS b )
TO 'gs://my_bucket/data/output.parquet'
CREDENTIALS my_gcp_creds;