Admin Security Private Link

0

I am following the link:- https://docs.snowflake.com/en/user-guide/admin-security-privatelink

This is to set up the private link between AWS and Snowflake.

The first command is aws sts get-federation-token --name sam

Here I am replacing the name sam with Root user and executing in CloudShell.

error occurred (AccessDenied) when calling the GetFederationToken operation: Cannot call GetFederationToken with session credentials

Not sure if it has to do with permissions. Please advise.

2 Answers
1

I assume you've logged into the AWS Console with a Role? Roles, federation and temporary credentials are considered session credentials and thus cannot be used to obtain a new session token via a GetSessionToken call.

You'll have to use an IAM User to call that operation.

AWS
EXPERT
Raphael
answered a year ago
  • I logged in using the root user and then executed the command in CloudShell. Am I missing something here?

0

The error message you're encountering indicates that you're using session credentials (temporary security credentials) to call the GetFederationToken operation, which is not allowed. The GetFederationToken action must be called using long-term AWS security credentials, such as those associated with an IAM user.

# 1. Configure the AWS CLI to use the IAM user's access key and secret key
aws configure
# Enter IAM user's access key, secret key, and desired region when prompted

# 2. Run the aws sts get-federation-token command
aws sts get-federation-token --name YOUR_IAM_USER_NAME
# Replace YOUR_IAM_USER_NAME with the appropriate IAM user name
EXPERT
answered a year ago
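
A pre-flight check for the failure discussed in this thread, as an added example that is not part of either answer. It classifies credentials as long-term or session before `get-federation-token` is attempted; the function names are hypothetical, the sample key IDs are constructed, and `preflight_live` assumes AWS CLI v2 (for `aws configure export-credentials`).

```bash
#!/bin/sh
# Added example: decide whether credentials can call GetFederationToken.
# Long-term access key IDs start with AKIA; temporary STS key IDs start
# with ASIA and are always accompanied by a session token.

# cred_kind KEY_ID [SESSION_TOKEN] -> prints long-term | session | unknown
cred_kind() {
  ck_key=$1
  ck_token=${2:-}
  # Any session token means temporary credentials, whatever the key prefix.
  if [ -n "$ck_token" ]; then echo session; return 0; fi
  case "$ck_key" in
    ASIA*) echo session ;;
    AKIA*) echo long-term ;;
    *)     echo unknown ;;
  esac
}

# can_federate KEY_ID [SESSION_TOKEN] -> exit 0 only for long-term credentials
can_federate() {
  [ "$(cred_kind "$1" "${2:-}")" = "long-term" ]
}

# Classify the credentials the CLI would actually use (profile, environment,
# or the CloudShell container endpoint). Not called below, so the block runs
# offline. Assumes AWS CLI v2.
preflight_live() {
  pl_creds=$(aws configure export-credentials --format env-no-export) || return 2
  pl_key=$(printf '%s\n' "$pl_creds" | sed -n 's/^AWS_ACCESS_KEY_ID=//p')
  pl_token=$(printf '%s\n' "$pl_creds" | sed -n 's/^AWS_SESSION_TOKEN=//p')
  if can_federate "$pl_key" "$pl_token"; then
    echo "long-term credentials: GetFederationToken is allowed"
  else
    echo "session credentials: GetFederationToken will return AccessDenied" >&2
    return 1
  fi
}

# Constructed samples in the form KEY_ID:SESSION_TOKEN (empty token = none).
for sample in "AKIAIOSFODNN7EXAMPLE:" "ASIAIOSFODNN7EXAMPLE:constructed-token"; do
  key=${sample%%:*}
  tok=${sample#*:}
  printf '%s -> %s\n' "$key" "$(cred_kind "$key" "$tok")"
done
```

Checking the key material rather than the caller ARN matters here, because a console or CloudShell session holds temporary credentials regardless of which identity signed in.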
