Workbench-managed AWS Credentials

Enhanced Advanced

Workbench can provide user-specific AWS credentials for RStudio Pro and VS Code sessions tied to their Single Sign-On (SSO) credentials. These credentials are not long-lived IAM access keys. Rather, they are temporary security credentials that refresh automatically while your session is active.

Starting the session

First, you must select the role and start the session.

• If your administrator has configured and enabled the AWS credentials integration, the selection widget displays an option for AWS.
• See Starting a Session with Workbench-managed credentials for more information about starting a session with managed credentials.

After selecting the role and starting the session, AWS credentials needed to connect programmatically to an AWS account (AWS_ROLE_ARN and AWS_WEB_IDENTITY_TOKEN_FILE) are available within the session.

Note

Once AWS credentials are successfully configured according to the AWS Credentials section of the Posit Workbench Administrator Guide, they’ll be available in RStudio Pro and VS Code sessions.

Checking for credentials

Verify which credentials are available using the AWS CLI. See the AWS CLI documentation for installation and usage instructions:

$ aws sts get-caller-identity

The output looks similar to this:

{
    "UserId": "xxxx:xxxxx",
    "Account": "xxxxxx",
    "Arn": "arn:aws:sts::xxxxx:assumed-role/yourrole-xxxx/i-xxxxx"
}

If you do not have AWS CLI installed, use the R paws package. The output of function sts$get_caller_identity() is also the same as the command above:

library(paws)

svc <- paws::sts()
sts$get_caller_identity()

More information about paws is available in the CRAN repo.

Example workflow

Now that we have confirmed that AWS credentials are available, use the paws package to access AWS resources programmatically. The following example shows how to write and read from an s3 bucket:

library(paws)

# create an S3 service object in the region you are working on
s3 <- paws::s3(config = list(region = "us-east-2"))

# locate the s3 bucket you want
bucket = 'colorado-projects'
s3$list_objects(Bucket = bucket)

# upload data to s3 bucket
s3$put_object(
  Bucket = bucket,
  Key = 'data.csv'
)

# read data from s3 bucket
s3_download <- s3$get_object(
  Bucket = bucket,
  Key = 1
)