Skip to main content

Get Imply role ARN to grant access to AWS resources

In Imply Polaris, you can authenticate connections to an Amazon resource, such as Amazon S3, using IAM role assumption. The following connections accept AWS IAM credentials:

With IAM role assumption, you grant permissions for your AWS IAM role to access your data and grant permissions for Imply to assume your AWS IAM role. For Imply to assume your role, list the Amazon Resource Name (ARN) of Imply's role as a principal in a trust policy attached to your role. This topic shows you how to use the Polaris API to get the ARN of Imply's role that you can add to the trust policy on your own AWS IAM role.

For more information on IAM role assumption, see Secure connections to AWS and the AWS documentation on AssumeRole and trust policies.

Get Imply role details

When you create a connection to an AWS resource, Polaris provides an ARN of the Imply AWS IAM role that will assume the role you designate in the connection. To grant Imply access to your data, include this ARN with the AssumeRole permission in a trust policy attached to your role.

In addition, you also get an external ID that you can use in your trust policy to control role assumption. For more information and example trust policies, see Secure connections to AWS.

Sample request

The following example shows how to send a GET request to the /v1/projects/PROJECT_ID/connectionsMeta endpoint to get the Imply role details:

curl --location --request GET "https://ORGANIZATION_NAME.REGION.CLOUD_PROVIDER.api.imply.io/v1/projects/PROJECT_ID/connectionsMeta" \
--header "Authorization: Basic $POLARIS_API_KEY" \

Sample response

A successful request returns a 200 OK response and a response similar to the following example:

{
  "implyArn": "arn:aws:iam::012345678901:role/imply-cluster-3b538a72-844f-4a09-883d-xxxxxxxxxxxx",
  "externalId": "22e65534-d088-4858-8b1e-xxxxxxxxxxxx"
}

Learn more

See the following topics for more information: