Perform Autonomous Database Prerequisites to Use Amazon ARNs

Prior to using an AWS resource with DBMS_CLOUD.CREATE_CREDENTIAL with an ARN parameter, the ADMIN user must enable ARN on the Autonomous Database instance.

By default, ARN credential services are not enabled on Autonomous Database. The ADMIN user runs the procedure DBMS_CLOUD_ADMIN.ENABLE_AWS_ARN to enable the ADMIN user or other users to create credentials with ARN parameters.

  1. Enable the use of ARN credentials on the Autonomous Database instance.
    BEGIN
        DBMS_CLOUD_ADMIN.ENABLE_AWS_ARN(
            username => 'adb_user'); 
    END;
    /
    

    See ENABLE_AWS_ARN Procedure for more information.

  2. Query the CLOUD_INTEGRATIONS view to obtain Oracle's AWS user ARN.
    SELECT param_value FROM CLOUD_INTEGRATIONS
            WHERE param_name = 'aws_user_arn';
    
    PARAM_VALUE
    --------------------------------------------  
    arn:aws:iam::account-ID:user/username

    The view CLOUD_INTEGRATIONS is available to the ADMIN user or to a user with DWROLE privileges.

    The AWS administrator uses the aws_user_arn value when configuring the AWS role's trust relationship with the role and policies on the AWS system. Providing this value grants permission on the AWS side for DBMS_CLOUD to access AWS resources.