SageMaker Browser IDC
An authentication plugin that enables connecting to Amazon Athena through SageMaker Unified Studio using AWS Identity and Access Management Identity Center credentials. This plugin authenticates a workforce identity via the SSO OIDC Authorization Code flow with PKCE (browser-based), then exchanges the resulting SSO access token for temporary credentials scoped to the SageMaker domain and retrieves the Athena environment credentials for the project.
Authentication Type
| Connection string name | Parameter type | Default value | Connection string example |
|---|---|---|---|
| AuthenticationType | Required | none | AuthenticationType=SageMakerBrowserIdc; |
SageMaker domain ID
The identifier of the SageMaker domain to use.
| Connection string name | Parameter type | Default value | Connection string example |
|---|---|---|---|
| SageMakerDomainId | Required | none | SageMakerDomainId=d-abcdef1234; |
SageMaker project ID
The identifier of the SageMaker project to use.
| Connection string name | Parameter type | Default value | Connection string example |
|---|---|---|---|
| SageMakerProjectId | Required | none | SageMakerProjectId=p-abcdef1234; |
SageMaker domain region
The AWS Region where your SageMaker domain is provisioned.
| Connection string name | Parameter type | Default value | Connection string example |
|---|---|---|---|
| SageMakerDomainRegion | Required | none | SageMakerDomainRegion=us-east-1; |
SSO OIDC start URL
The issuer URL of the AWS Identity and Access Management Identity Center instance that the SageMaker domain uses.
| Connection string name | Parameter type | Default value | Connection string example |
|---|---|---|---|
| sso_oidc_start_url | Required | none | sso_oidc_start_url=https://d-1234567890.awsapps.com/start; |
SSO OIDC region
The AWS Region where the AWS Identity and Access Management Identity Center instance is provisioned.
| Connection string name | Parameter type | Default value | Connection string example |
|---|---|---|---|
| sso_oidc_region | Required | none | sso_oidc_region=us-east-1; |
SSO OIDC cache
When enabled, allows the same AWS Identity and Access Management Identity Center access token to be cached to disk and reused across driver connections. This prevents SQL tools that create multiple driver connections from launching multiple browser windows.
| Connection string name | Parameter type | Default value | Connection string example |
|---|---|---|---|
| sso_oidc_cache | Optional | false | sso_oidc_cache=true; |
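The following pre-deployment check is an added example, not part of the driver or its documentation. It lints a connection string against the parameters listed above and flags the on-disk token cache for review. The function names, the exact-case key matching, the https requirement on the start URL, and the assumption that values contain no semicolons are choices made for this example.

```python
from urllib.parse import urlparse

# Required parameters, as listed in the tables on this page.
REQUIRED = ("AuthenticationType", "SageMakerDomainId", "SageMakerProjectId",
            "SageMakerDomainRegion", "sso_oidc_start_url", "sso_oidc_region")

def parse_connection_string(conn_str):
    """Split 'key=value;' pairs into a dict (assumes no ';' inside values)."""
    params = {}
    for part in conn_str.split(";"):
        if not part.strip():
            continue
        key, sep, value = part.partition("=")  # split on the first '=' only
        if not sep:
            raise ValueError(f"malformed segment: {part!r}")
        params[key.strip()] = value.strip()
    return params

def lint(conn_str):
    """Return a list of findings; an empty list means nothing was flagged."""
    p = parse_connection_string(conn_str)
    findings = [f"missing required parameter: {k}" for k in REQUIRED if not p.get(k)]
    auth = p.get("AuthenticationType")
    if auth and auth != "SageMakerBrowserIdc":
        findings.append(f"AuthenticationType is {auth!r}, not SageMakerBrowserIdc")
    url = p.get("sso_oidc_start_url")
    if url:
        u = urlparse(url)
        # Policy assumed by this example: the issuer URL must use https.
        if u.scheme != "https" or not u.hostname:
            findings.append("sso_oidc_start_url must be an https URL")
    cache = p.get("sso_oidc_cache", "false").lower()  # documented default: false
    if cache not in ("true", "false"):
        findings.append(f"sso_oidc_cache has unexpected value {cache!r}")
    elif cache == "true":
        findings.append("sso_oidc_cache=true: access token is cached to disk; "
                        "treat the cache location as sensitive")
    return findings

# Constructed sample built from the example values in the tables above.
SAMPLE = ("AuthenticationType=SageMakerBrowserIdc;SageMakerDomainId=d-abcdef1234;"
          "SageMakerProjectId=p-abcdef1234;SageMakerDomainRegion=us-east-1;"
          "sso_oidc_start_url=https://d-1234567890.awsapps.com/start;"
          "sso_oidc_region=us-east-1;sso_oidc_cache=true;")

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(finding)
```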