Facing issue with Snowflake JDBC connector with AWS WORKLOAD_IDENTITY

[ashishcontech]

We wanted to use AWS WORKLOAD_IDENTITY for auth with snowflake,

If we use Default credential provider chain,

• either setting the AWS-KEY, SECRET-KEY, TOKEN as environment variable
• or it picks from the ~/.aws/credentials files
  It works fine.

The issue we have is as we have a multi-tenant app, we want to create a new IAM role for every client and we don't want to provide access to all the roles for default profile available in ~/.aws/credentials file

Now even though we set the assumeRole in connection properties, the role from ~/.aws/credentials is picked for validation with snowflake.. which is bound to fail.

We created sts-token and tried setting the environment variable ( AWS-KEY, SECRET-KEY, TOKEN) while initialising the connection, however still the default profile (~/.aws/credentials) is picked and it fails..

anyone else faced similar issue, or any work around will be much appreciated.

We are using HikariDataSource and snowflake-jdbc-connector version is 3.26

[sergiyvamz]

It seems that you need to initialize an AWS credentials provider with your keys and token. It's possible to override DefaultCredentialsProvider with a custom one. https://github.com/aws/aws-advanced-jdbc-wrapper/blob/main/docs/using-the-jdbc-driver/custom-configuration/AwsCredentialsConfiguration.md

I hope it helps you.