Omit chain from DuckDB S3 secret

ghukill · ghukill · commit 5b56965c68d2 · 2025-08-14T13:03:44.000-04:00
Why these changes are being introduced: It sounds like the best option for ECS tasks is using 'instance' as the provider chain type, where for local dev and/or lambdas it might be 'sso' or 'env'. Not having 'instance' appears to cause failures in the ECS task. How this addresses that need: By omitting the 'chain' option entirely from DuckDB secret creation we allow the default provider chain to take effect. Given our fairly normal usage of DuckDB and S3, this is probably the best approach. Side effects of this change: * DuckDB to S3 connections work in ECS Relevant ticket(s): * https://mitlibraries.atlassian.net/browse/TIMX-540
diff --git a/timdex_dataset_api/metadata.py b/timdex_dataset_api/metadata.py
@@ -194,7 +194,6 @@ def _configure_duckdb_s3_secret(
                 create or replace secret aws_s3_secret (
                     type s3,
                     provider credential_chain,
-                    chain 'sso;env;config',
                     refresh true
                     {scope_str}
                 );
