Get Imply role ARN to grant access to AWS resources

info

Project-less regional API resources have been deprecated and will be removed by the end of September 2024.

You must include the project ID in the URL for all regional API calls in projects created after September 29, 2023. For example: https://ORGANIZATION_NAME.REGION.CLOUD_PROVIDER.api.imply.io/v1/projects/PROJECT_ID

Projects created before September 29, 2023 can continue to use project-less URLs until the end of September 2024. We strongly recommend updating your regional API calls to include the project ID prior to September 2024. See the API migration guide for more information.

In Imply Polaris, you can authenticate connections to an Amazon resource, such as Amazon S3, using IAM role assumption. The following connections accept AWS IAM credentials:

• Connect to Amazon S3
• Connect to Amazon Kinesis
• Connect to Amazon MSK

With IAM role assumption, you grant permissions for your AWS IAM role to access your data and grant permissions for Imply to assume your AWS IAM role. For Imply to assume your role, list the Amazon Resource Name (ARN) of Imply's role as a principal in a trust policy attached to your role. This topic shows you how to use the Polaris API to get the ARN of Imply's role that you can add to the trust policy on your own AWS IAM role.

For more information on IAM role assumption, see Secure connections to AWS and the AWS documentation on AssumeRole and trust policies.

Get Imply role details

When you create a connection to an AWS resource, Polaris provides an ARN of the Imply AWS IAM role that will assume the role you designate in the connection. To grant Imply access to your data, include this ARN with the AssumeRole permission in a trust policy attached to your role.

In addition, you also get an external ID that you can use in your trust policy to control role assumption. For more information and example trust policies, see Secure connections to AWS.

Sample request

The following example shows how to send a GET request to the /v1/projects/PROJECT_ID/connectionsMeta endpoint to get the Imply role details:

cURL

curl --location --request GET "https://ORGANIZATION_NAME.REGION.CLOUD_PROVIDER.api.imply.io/v1/projects/PROJECT_ID/connectionsMeta" \
--user ${POLARIS_API_KEY}:

Python

import requests

url = "https://ORGANIZATION_NAME.REGION.CLOUD_PROVIDER.api.imply.io/v1/projects/PROJECT_ID/connectionsMeta"

apikey = os.getenv("POLARIS_API_KEY")

payload={}
headers = {
  'Authorization': f'Basic {apikey}'
}

response = requests.request("GET", url, headers=headers, data=payload)

print(response.text)

Sample response

A successful request returns a 200 OK response and a response similar to the following example:

{
  "implyArn": "arn:aws:iam::012345678901:role/imply-cluster-3b538a72-844f-4a09-883d-xxxxxxxxxxxx",
  "externalId": "22e65534-d088-4858-8b1e-xxxxxxxxxxxx"
}

Learn more

See the following topics for more information:

• Secure connections to AWS
• Create a connection