The following recommendations apply to pre-authenticated requests created for HeatWave Lakehouse:
Only use read-only pre-authenticated requests with Lakehouse.
Set a short expiration date for the pre-authenticated request URL that matches the data loading plan.
Do not make a pre-authenticated request URL publicly accessible.
-
If the target is a bucket:
Use Enable Object Listing when creating the pre-authenticated request in the console.
When creating the pre-authenticated request from the command line, include the
--access-type AnyObjectRead
parameter.
Use a resource principal for access to more sensitive data in Object Storage as it is more secure.