Prerequisites Using the Amazon CLI Using a bash script Using a POST API request Using a Python script What's next?

Create a Apache Airflow web server access token

You can use the commands on this page to create a web server access token. An access token allows you access to your Amazon MWAA environment. For example, you can get a token, then deploy DAGs programmatically using Amazon MWAA APIs. The following section includes the steps to create an Apache Airflow web login token using the Amazon CLI, a bash script, a POST API request, or a Python script. The token returned in the response is valid for 60 seconds.

Prerequisites

The following section describes the preliminary steps required to use the commands and scripts on this page.

Access

Amazon account access in Amazon Identity and Access Management (IAM) to the Amazon MWAA permissions policy in Apache Airflow UI access policy: AmazonMWAAWebServerAccess.
Amazon account access in Amazon Identity and Access Management (IAM) to the Amazon MWAA permissions policy Full API and console access policy: AmazonMWAAFullApiAccess.

Amazon CLI

The Amazon Command Line Interface (Amazon CLI) is an open source tool that enables you to interact with Amazon services using commands in your command-line shell. To complete the steps on this page, you need the following:

The following example uses the create-web-login-token command in the Amazon CLI to create an Apache Airflow web login token.


aws mwaa create-web-login-token --name YOUR_ENVIRONMENT_NAME

The following example uses a bash script to call the create-web-login-token command in the Amazon CLI to create an Apache Airflow web login token.

Copy the contents of the following code sample and save locally as get-web-token.sh.


#!/bin/bash
HOST=YOUR_HOST_NAME
YOUR_URL=https://$HOST/aws_mwaa/aws-console-sso?login=true#
WEB_TOKEN=$(aws mwaa create-web-login-token --name YOUR_ENVIRONMENT_NAME --query WebToken --output text)
echo $YOUR_URL$WEB_TOKEN

Substitute the placeholders in red for YOUR_HOST_NAME and YOUR_ENVIRONMENT_NAME. For example, a host name for a public network may look like this (without the https://):
```
123456a0-0101-2020-9e11-1b159eec9000.c2.us-east-1.airflow.amazonaws.com
```
(optional) macOS and Linux users may need to run the following command to ensure the script is executable.
```
chmod +x get-web-token.sh
```
Run the following script to get a web login token.
```
./get-web-token.sh
```

You should see the following in your command prompt:


https://123456a0-0101-2020-9e11-1b159eec9000.c2.us-east-1.airflow.amazonaws.com/aws_mwaa/aws-console-sso?login=true#{your-web-login-token}

The following example uses a POST API request to create an Apache Airflow web login token.

Copy the following URL and paste in the URL field of your REST API client.
```
https://YOUR_HOST_NAME/aws_mwaa/aws-console-sso?login=true#WebToken
```
Substitute the placeholders in red for YOUR_HOST_NAME. For example, a host name for a public network may look like this (without the https://):
```
123456a0-0101-2020-9e11-1b159eec9000.c2.us-east-1.airflow.amazonaws.com
```
Copy the following JSON and paste in the body field of your REST API client.
```
{
  "name": "YOUR_ENVIRONMENT_NAME"
}
```
Substitute the placeholder in red for YOUR_ENVIRONMENT_NAME.
Add key-value pairs in the authorization field. For example, if you're using Postman, choose Amazon Signature, and then enter your:
- AWS_ACCESS_KEY_ID in AccessKey
- AWS_SECRET_ACCESS_KEY in SecretKey

You should see the following response:


{
  "webToken": "<Short-lived token generated for enabling access to the Apache Airflow Webserver UI>",
  "webServerHostname": "<Hostname for the WebServer of the environment>"
}

The following example uses the boto3 create_web_login_token method in a Python script to create an Apache Airflow web login token. You can run this script outside of Amazon MWAA. The only thing you need to do is install the boto3 library. You may want to create a virtual environment to install the library. It assumes you have configured Amazon authentication credentials for your account.

Copy the contents of the following code sample and save locally as create-web-login-token.py.


import boto3
mwaa = boto3.client('mwaa')
response = mwaa.create_web_login_token(
    Name="YOUR_ENVIRONMENT_NAME"
)
webServerHostName = response["WebServerHostname"]
webToken = response["WebToken"]
airflowUIUrl = 'https://{0}/aws_mwaa/aws-console-sso?login=true#{1}'.format(webServerHostName, webToken)
print("Here is your Airflow UI URL: ")
print(airflowUIUrl)

Substitute the placeholder in red for YOUR_ENVIRONMENT_NAME.
Run the following script to get a web login token.
```
python3 create-web-login-token.py
```

What's next?

Explore the Amazon MWAA API operation used to create a web login token at CreateWebLoginToken.

Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Accessing Apache Airflow

Apache Airflow CLI token

Create a Apache Airflow web server access token

Contents

Prerequisites

Access

Amazon CLI

Using the Amazon CLI

Using a bash script

Using a POST API request

Using a Python script

What's next?