tejib
Contributor

Assuming a role in a Talend Route when establishing a connection with AWS

I am trying to build a route that consumes messages from an AWS SQS queue. To do this, the underlying instance needs to assume an IAM role that has permissions to access the SQS queue. However, the default instance profile does not have access to this queue.

When I review the cAWSConnection component, I do not see any option to specify a role ARN to assume. Similarly, the cAWSSQS component does not provide a way to supply a role ARN directly; instead, it only allows referencing an AWS connection component. The documentation I reviewed is here:
https://help.qlik.com/talend/en-US/mediation-components/8.0/mediation-amazon-sqs/amazon-sqs-componen...

The ability to explicitly assume a role using a role ARN does exist in the standard components—for example, the standard SQS connection:
https://help.qlik.com/talend/en-US/components/7.3/amazon-sqs/tsqsconnection-standard-properties
and the standard S3 connection:
https://help.qlik.com/talend/en-US/components/7.3/amazon-s3/ts3connection-standard-properties

However, this capability appears to be missing from cAWSConnection when used in a Route.

Since I cannot use static access keys (access key/secret key), and the default instance profile cannot be granted direct access to the SQS queue, could someone please advise how to explicitly assume an IAM role using its ARN when creating a Route?

1 Reply
David_Apodaca
Support

Hi Folks,

You are correct in your observations between the route components and the standard components. The ability to explicitly assume an IAM role (via Role ARN) is available in standard Talend components such as tSQSConnection, but this capability is not exposed in the mediation (Route) components like cAWSConnection.

This is due to an architectural difference: Route components are based on Apache Camel and rely on the AWS SDK’s default credential provider chain rather than exposing all authentication options directly in the component configuration. Route components are wrappers for Apache Camel, which prioritizes the AWS Default Credentials Provider Chain.

As a result, role assumption is still possible, but it must be configured outside of the component itself.

The recommended approach is to configure role assumption at the environment level so that the AWS SDK used by the Route can pick it up automatically.

If you require explicit control of role assumption within the job design itself, an alternative would be to use standard Talend Job components (such as tSQSConnection) instead of a Route. However, this would involve a change in design approach.


You can find the standard components for standard SQS and S3 connections below.

tSQSConnection:
https://help.qlik.com/talend/en-US/components/8.0/amazon-sqs/tsqsconnection

tS3Connection:
https://help.qlik.com/talend/en-US/components/8.0/amazon-s3/ts3connection

Respectfully,
Qlik Support
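
One way to configure role assumption at the environment level, as described in the reply above (an added example, not part of the original reply or of Qlik's documentation). It assumes the AWS SDK bundled with the Route runtime resolves assume-role profiles from the shared config file, which depends on the SDK version and on its STS module being on the classpath; the profile name, account ID, role name, session name and region are placeholders.

```ini
# Shared AWS config file for the OS user that runs the Route.
# Default location is ~/.aws/config; AWS_CONFIG_FILE can point elsewhere.
# All values below are placeholders constructed for illustration.

[profile sqs-consumer]
# Role that holds the SQS permissions (the role the Route should assume).
role_arn = arn:aws:iam::111122223333:role/ExampleSqsConsumerRole
# Use the EC2 instance profile as the base credentials for the
# sts:AssumeRole call, so no static access key is stored on the host.
credential_source = Ec2InstanceMetadata
# Session name recorded in CloudTrail for calls made with this role.
role_session_name = talend-route
region = us-east-1

# Set in the environment of the Route's JVM process (not in this file),
# so the default credential provider chain selects the profile above:
#   AWS_PROFILE=sqs-consumer
```

The instance profile's role needs `sts:AssumeRole` on the target role, and the target role's trust policy must name the instance profile's role as a principal; the SQS permissions stay on the target role only.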