AWS S3 - no secure auth

Kristen_Beneduce · November 3, 2025, 6:33pm

Question / Description: handing out long lived AWS S3 credentials to the retool (which we can be grabbed by any org user with a very simply created AI script – we’ve demo’d it) is unsafe.

Is there another way to authenticate Retool so it only gets short lived S3 creds and to ensure they can not be dumped from Environment?

Jack_T · November 10, 2025, 11:07pm

Hi @Kristen_Beneduce,

Have you tried using User Level Permissions to control which users can use AWS S3 Resources and Queries?

If you need to use S3 creds with shorter lived permissions, I believe you would need to generate those on the AWS side and then add them to a resource.

Topic		Replies	Views
Improve AWS resource connection security 💬 Feature Requests resource-connection	0	1250	September 27, 2021
How do you rotate your AWS credentials? 💬 Account & User Management	2	111	April 29, 2025
Use IAM Role for AWS Athena access instead of api keys 💬 Queries and Resources	4	2039	December 15, 2023
How can I set S3 resources using 'role to assume' without access key? 💬 Queries and Resources resource-connection	4	38	February 10, 2025
External ID for AWS IAM Resource 💬 Queries and Resources	4	60	August 12, 2025

AWS S3 - no secure auth

Related topics