Create Credentials with ARN Parameters to Access AWS Resources

After ARN usage is enabled for the Autonomous Database instance and the ARN is configured by the AWS administrator, on Autonomous Database you can create a credential object with ARN parameters. Autonomous Database creates and secures the principal credentials you use to access the Amazon resources when you supply the credential object with DBMS_CLOUD procedures and functions.

To use Amazon resources with Autonomous Database, do the following:

  1. Create credentials using the procedure DBMS_CLOUD.CREATE_CREDENTIAL with the params parameter to specify the ARN value. For example:
    BEGIN
      DBMS_CLOUD.CREATE_CREDENTIAL(
        credential_name => 'DEF_CRED_ARN',
        params =>
            JSON_OBJECT('aws_role_arn' value 'arn:aws:iam::123456:role/AWS_ROLE_ARN',                                            
                        'external_id_type' value 'database_ocid')
      );
    END;
    /

    This operation creates the credentials in the database in an encrypted format. You can use any name for the credential name.

    For detailed information about the parameters, see CREATE_CREDENTIAL Procedure.

  2. Use a DBMS_CLOUD procedure to access an Amazon resource with the ARN credentials.

    For example, use DBMS_CLOUD.LIST_OBJECTS.

    SELECT object_name FROM DBMS_CLOUD.LIST_OBJECTS(
               credential_name => 'DEF_CRED_ARN',
               location_uri    => 'https://my-bucket.s3.us-west-2.amazonaws.com/');