AWS external identity provider connector for Retool enabling STS AssumeRole and temporary credential-based authentication instead of long-term access keys.
Built for Enterprise Retool users with AWS accounts enforcing zero-trust/no-long-term-keys security policies who cannot currently adopt Retool due to credential requirements.
The receipts — real demand
“Hello Retool team! Currently, based on my review of your documentation and community forums, it appears that the primary method for connection is through AWS long-term access keys. However, our organization is deprecating the use of long-term keys for security reasons.”
🔁 Corroborated on other sources
“Using OpenID Connect (OIDC) to authenticate with Amazon Web Services is a more secure method of authentication with AWS IAM that relies on the OIDC protocol rather than sharing long-lived access tokens, which can be dang…”
“Hey All, I'm using Retool's self hosted postgres db for an app I'm building. Is there a way to connect to that DB from another app? E.g pgAdmin 4 for example? When I go view the db connection details I can't view the p…”
“Does anybody else wish to see Presigned URL support in the S3 uploader? Presigned URLs let you create time-limited URLs to access a specific resource / perform a specific operation in AWS. Here’s the AWS doc on it: http…”
Why this is a gap
This pain showed up independently across 2 different sources — the strongest signal that demand is real and underserved.