Workbench-managed AWS Credentials

Enhanced Advanced

Workbench can provide user-specific AWS credentials for RStudio Pro and VS Code sessions tied to their Single Sign-On credentials. These credentials are not long-lived IAM access keys. Rather, they are temporary security credentials refreshed automatically while your session is active.

If your administrator has configured and enabled the AWS credentials integration, then the selection widget displays an AWS selection option. See Starting a Session with Workbench-managed credentials for more information about starting a session with managed credentials.

After selecting the role and starting the session, AWS credentials needed to connect programmatically to an AWS account (AWS_ROLE_ARN and AWS_WEB_IDENTITY_TOKEN_FILE) should already be available within the session.

Note

AWS credentials are only available in an RStudio Pro and VS Code sessions if the feature in Posit Workbench has been successfully configured according to the AWS Credentials section of the admin guide.

Checking for credentials

To verify which credentials are available, use the AWS CLI. See the AWS CLI documentation for installation and usage instructions:

$ aws sts get-caller-identity

The output should look similar to this:

{
    "UserId": "xxxx:xxxxx",
    "Account": "xxxxxx",
    "Arn": "arn:aws:sts::xxxxx:assumed-role/yourrole-xxxx/i-xxxxx"
}

If for some reason you do not have AWS CLI installed, you can use the R paws package. The output of function sts$get_caller_identity() is also the same as the command above:

library(paws)

svc <- paws::sts()
sts$get_caller_identity()

More information about paws is available on the CRAN repo.

Example workflow

Now that we have confirmed that AWS credentials are available, use the paws package to access AWS resources programmatically. The following example shows how to write and read from an s3 bucket:

library(paws)

# create an S3 service object in the region you are working on
s3 <- paws::s3(config = list(region = "us-east-2"))

# locate the s3 bucket you want
bucket = 'colorado-projects'
s3$list_objects(Bucket = bucket)

# upload data to s3 bucket
s3$put_object(
  Bucket = bucket,
  Key = 'data.csv'
)

# read data from s3 bucket
s3_download <- s3$get_object(
  Bucket = bucket,
  Key = 1
)
Back to top