Using AWS credentials in VSCode

Enhanced | Advanced

Workbench can provide user-specific AWS credentials for VS Code sessions tied to their Single Sign-On credentials. These credentials are not long-lived Personal Access Tokens (PATs) but rather short-lived OAuth tokens and are refreshed automatically while your session is active.

If your administrator has configured and enabled the AWS credentials integration, a new drop-down displays in the New Session dialog. This allows you to select which AWS role to use.

Session selection pane showing AWS role dropdown

After selecting the role and starting the session, AWS credentials needed to connect programmatically to an AWS account (AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY) should already be available within the session.

Note

AWS credentials are only available in a VS Code session if the feature in Posit Workbench has been successfully set up following this guide. Work with your Posit administrator to configure this before using this feature.

Checking for credentials

To verify what credentials are available, use the aws cli in the Terminal in VSCode:

aws sts get-caller-identity

The output should look similar to this:

{
    "UserId": "xxxx:xxxxx",
    "Account": "xxxxxx",
    "Arn": "arn:aws:sts::xxxxx:assumed-role/yourrole-xxxx/i-xxxxx"
}

If for some reason you do not have aws CLI installed, use the Python boto3 package. The output of function STS.Client.get_caller_identity() is also the same as the command above:


import boto3

# create an sts client
client = boto3.client('sts')
response = client.get_caller_identity()

print(response)

Example workflow

Now that we have confirmed that AWS credentials are available, use the boto3 package to access AWS resources programmatically. The following example shows how to write and read from an s3 bucket:

import boto3

# create an s3 client
s3 = boto3.resource('s3')

# create a new bucket
s3.create_bucket(Bucket='python-projects',
                          CreateBucketConfiguration={
                              'LocationConstraint': 'us-east-2'})

# upload data to s3 bucket
s3.meta.client.upload_file(
    Filename='data', Bucket='python-projects',
    Key='data.csv')

# download data from s3 bucket locally
s3.Object('python-projects', 'data').download_file(
    f'/tmp/data.csv')
Back to top