AWS Console
This article outlines the integration with the AWS Console connector, enabling metadata management through features such as crawling, querying, and data preview. It also ensures secure authentication via Credential Manager.
Overview
Connector Details
Connector Category
Application
OvalEdge Releases Supported
8.1
Connectivity
[How the connection is established with AWS Console]
AWS SDK
Verified AWS Console Version
AWS APIs (STS, EC2, S3)
The AWS Console connector has been validated with the mentioned "Verified AWS Console Versions" and is expected to be compatible with other supported AWS Console versions. If there are any issues with validation or metadata crawling, please submit a support ticket for investigation and feedback.
Connector Features
Crawling
✅
Delta Crawling
❌
Profiling
❌
Query Sheet
❌
Data Preview
✅
Auto Lineage
❌
Manual Lineage
❌
Secure Authentication via Credential Manager
✅
Data Quality
❌
DAM (Data Access Management)
❌
Bridge
✅
Metadata Mapping
The following objects are crawled from the AWS Console and mapped to the corresponding UI assets.
Region
Region Name
Region Identifier
Container
Container
EC2 instance
Instance ID
Instance ID
Table / Entity
Entity
S3 bucket
Bucket Name
Bucket Name
File Folder
File Folder
Set up a Connection
Prerequisites
The following are the prerequisites to establish a connection:
Network and API access
The connector calls AWS over HTTPS. Ensure that outbound TCP port 443 (TLS) from the OvalEdge application environment to AWS service endpoints is allowed. If you use an HTTP proxy, it must permit HTTPS access to AWS. Connectivity uses AWS regional and global endpoints.
Restrictive firewalls, TLS inspection appliances, or proxy rules that block or alter traffic to AWS APIs can cause connection validation or crawl failures. Ensure HTTPS access is allowed to AWS STS, EC2, and S3 endpoints for your region.
Service Account User Permissions
It is recommended to use a separate service account to establish the connection to the data source, configured with the following minimum set of permissions.
👨💻 Who can provide these permissions? These permissions are typically granted by the AWS Console administrator, as users may not have the required access to assign them independently.
Connection Validation
Caller Identity
sts:GetCallerIdentity
IAM policy allowing sts:GetCallerIdentity
Crawling & Regions
Enabled Regions
ec2:DescribeRegions
IAM policy allowing ec2:DescribeRegions
Crawling & Query - EC2
Instances in a Region
ec2:DescribeInstances
IAM policy allowing ec2:DescribeInstances
Crawling & Query - S3
Buckets in the account
s3:ListAllMyBucket
IAM policy allowing s3:ListAllMyBuckets
Organization’s security policy may require additional resource constraints (ARNs). The connector makes read-only inventory calls. It does not start or stop instances or modify buckets unless the product configuration changes in the future.
Connection Configuration Steps
Users are required to have the Connector Creator role in order to configure a new connection.
Log in to OvalEdge, go to Administration > Connectors, click + (New Connector), search for AWS Console, and complete the required parameters.
Fields marked with an asterisk (*) are mandatory for establishing a connection.
Connector Type
By default, "AWS Console" is displayed as the selected connector type.
Credential Manager*
Select the desired credentials manager from the drop-down list. Relevant parameters will be displayed based on your selection.
Supported Credential Managers:
OE Credential Manager
AWS Secrets Manager
HashiCorp Vault
Azure Key Vault
Connector Name*
Enter a unique name for the AWS Console connection
(Example: "AWS_Console").
Connector description
Enter a brief description of the connector.
Access Key ID*
Enter the AWS IAM access key ID for the integration user or role.
Secret Access Key*
Enter the AWS IAM secret access key (masked).
Region
Enter the AWS Region (for example, us-xxx-1). If not provided, us-east-1 is used by default.
Default Governance Roles
Default Governance Roles*
Select the appropriate users or teams for each governance role from the drop-down list. All users and teams configured in OvalEdge Security are displayed for selection.
Admin Roles
Admin Roles*
Select one or more users from the dropdown list for Integration Admin and Security & Governance Admin. All users configured in OvalEdge Security are available for selection.
No of Archive Objects
No Of Archive Objects*
This shows the number of recent metadata changes to a dataset at the source. By default, it is off. To enable it, toggle the Archive button and specify the number of objects to archive.
Example: Setting it to 4 retrieves the last four changes, displayed in the 'Version' column of the 'Metadata Changes' module.
Bridge
Select Bridge*
If applicable, select the bridge from the drop-down list.
The drop-down list displays all active bridges configured in OvalEdge. These bridges enable communication between data sources and OvalEdge without altering firewall rules.
After entering all connection details, the following actions can be performed:
Click Validate to verify the connection.
Click Save to store the connection for future use.
Click Save & Configure to apply additional settings before saving.
The saved connection will appear on the Connectors home page.
Manage Connector Operations
Crawl/Profile
To perform crawl operations, users must be assigned the Integration Admin role.
The Crawl/Profile button allows users to select one or more schemas for crawling.
Navigate to the Connectors page and click Crawl/Profile.
Select the schemas to crawl.
The Crawl option is selected by default.
Click Run to collect metadata from the connected source and load it into the OvalEdge Data Catalog.
After a successful crawl, the information appears in the Data Catalog > Databases/Tables/Reports/Files/APIs tab.
The Schedule checkbox allows automated crawling at defined intervals, from a minute to a year.
Click the Schedule checkbox to enable the Select Period drop-down.
Select a time period for the operation from the drop-down menu.
Click Schedule to initiate metadata collection from the connected source.
The system will automatically execute the crawl operation at the scheduled time.
Other Operations
The Connectors page in OvalEdge provides a centralized view of all configured connectors, including their health status.
Managing connectors includes:
Connectors Health: Displays the current status of each connector using a green icon for active connections and a red icon for inactive connections, helping to monitor the connectivity with data sources.
Viewing: Click the Eye icon next to the connector name to view connector details, including databases, tables, columns, and codes.
Nine Dots Menu Options:
To view, edit, validate, configure, or delete connectors, click on the Nine Dots menu.
Edit Connector: Update and revalidate the data source.
Validate Connector: Check the connection's integrity.
Settings: Modify connector settings.
Crawler: Configure data extraction.
Access Instructions: Add notes on how data can be accessed.
Business Glossary Settings: Manage term associations at the connector level.
Delete Connector: Remove a connector with confirmation.
Connectivity Troubleshooting
If incorrect parameters are entered, error messages may appear. Ensure all inputs are accurate to resolve these issues. If issues persist, contact the assigned support team.
1
Invalid connection config
Error Description:
Connection details are missing or incomplete.
Resolution:
Enter all required fields, including Access Key ID and Secret Access Key, and save again.
2
Access Key ID is required.
Error Description:
Access Key ID is missing.
Resolution:
Enter a valid Access Key ID.
3
Secret Access Key is required.
Error Description:
Secret Access Key is missing.
Resolution:
Enter a valid Secret Access Key.
4
AWS credentials validation failed
Error Description:
AWS could not validate the credentials.
Resolution:
Verify the IAM user status, ensure keys are active, check system time, and confirm network access to AWS over HTTPS. Retry validation.
5
Invalid token / signature mismatch
Error Description:
AWS rejected the request due to authentication failure.
Resolution:
Regenerate the keys if needed, ensure correct values are entered without extra spaces, and verify IAM permissions.
6
Failed to list AWS regions / objects
Error Description:
EC2 or S3 API call failed due to missing permissions.
Resolution:
Update IAM permissions, verify Region configuration, and retry.
Copyright © 2026, OvalEdge LLC, Peachtree Corners GA USA
Last updated
Was this helpful?