AD FS credentials - Amazon Athena
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

AD FS credentials

A SAML-based authentication mechanism that enables authentication to Athena using Microsoft Active Directory Federation Services (AD FS). This method assumes that the user has already set up a federation between Athena and AD FS.

Credentials provider

The credentials provider that will be used to authenticate requests to Amazon. Set the value of this parameter to ADFS.

Parameter name Alias Parameter type Default value Value to use
CredentialsProvider AWSCredentialsProviderClass (deprecated) Required none ADFS

User

The email address of the AD FS user to use for authentication with AD FS.

Parameter name Alias Parameter type Default value
User UID (deprecated) Required for form-based authentication. Optional for Windows Integrated Authentication. none

Password

The password for the AD FS user.

Parameter name Alias Parameter type Default value
Password PWD (deprecated) Required for form-based authentication. Optional for Windows Integrated Authentication. none

ADFS host name

The address for your AD FS server.

Parameter name Alias Parameter type Default value
AdfsHostName IdP_Host (deprecated) Required none

ADFS port number

The port number to use to connect to your AD FS server.

Parameter name Alias Parameter type Default value
AdfsPortNumber IdP_Port (deprecated) Required none

ADFS relying party

The trusted relying party. Use this parameter to override the AD FS relying party endpoint URL.

Parameter name Alias Parameter type Default value
AdfsRelyingParty LoginToRP (deprecated) Optional urn:amazon:webservices

ADFS WIA enabled

Boolean. Use this parameter to enable Windows Integrated Authentication (WIA) with AD FS.

Parameter name Alias Parameter type Default value
AdfsWiaEnabled none Optional FALSE

Preferred role

The Amazon Resource Name (ARN) of the role to assume. For information about ARN roles, see AssumeRole in the Amazon Security Token Service API Reference.

Parameter name Alias Parameter type Default value
PreferredRole preferred_role (deprecated) Optional none

Role session duration

The duration, in seconds, of the role session. For more information, see AssumeRole in the Amazon Security Token Service API Reference.

Parameter name Alias Parameter type Default value
RoleSessionDuration Duration (deprecated) Optional 3600

Lake Formation enabled

Specifies whether to use the AssumeDecoratedRoleWithSAML Lake Formation API action to retrieve temporary IAM credentials instead of the AssumeRoleWithSAML Amazon STS API action.

Parameter name Alias Parameter type Default value
LakeFormationEnabled none Optional FALSE