[ https://issues.apache.org/jira/browse/HUDI-7699?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Ethan Guo updated HUDI-7699: ---------------------------- Fix Version/s: 0.15.0 > Support STS external ids and configurable session names in the AWS > StsAssumeRoleCredentialsProvider > --------------------------------------------------------------------------------------------------- > > Key: HUDI-7699 > URL: https://issues.apache.org/jira/browse/HUDI-7699 > Project: Apache Hudi > Issue Type: New Feature > Reporter: Ian Streeter > Priority: Major > Labels: pull-request-available > Fix For: 0.15.0, 1.0.0 > > > [HUDI-6695|https://issues.apache.org/jira/browse/HUDI-6695] added a AWS > credentials provider to support assuming a role when syncing to Glue. > > We use Hudi in a multi-tenant environment, and our customers give us > delegated access to their Glue catalog. In this multi-tenant setup it is > important to use [an external > ID|https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html] > to improve security when assuming IAM roles. > > Furthermore, the STS session name is currently hard-coded to "hoodie". > It is helpful for us to have configurable session names so we have better > tracability of what entities are creating STS sessions in the cloud. > > Currently, the assumed role is configured with the > {{hoodie.aws.role.arn}} config property. I would like to add the following > extra optional config properties, which will be used by the > {{HoodieConfigAWSAssumedRoleCredentialsProvider}}: > > - {{hoodie.aws.role.external.id}} > - {{hoodie.aws.role.session.name}} -- This message was sent by Atlassian Jira (v8.20.10#820010)