Arun Ravi M V created HADOOP-17188:
--------------------------------------
Summary: Support for AWS
STSAssumeRoleWithWebIdentitySessionCredentialsProvider based credential
provider to support use of IRSA on deployments on AWS EKS Cluster
Key: HADOOP-17188
URL: https://issues.apache.org/jira/browse/HADOOP-17188
Project: Hadoop Common
Issue Type: Improvement
Components: fs/s3
Reporter: Arun Ravi M V
The latest version of AWS SDK has support to use IRSA for providing credentials
to Kubernetes pods which can potentially replace the use of Kube2IAM. For our
Apache Spark on Kubernetes use cases, this feature will be useful. The current
Hadoop AWS component does support adding custom credential provider but I think
if we could add STSAssumeRoleWithWebIdentitySessionCredentialsProvider support
to (using roleArn, role session name, web Identity Token File) to the
hadoop-aws library, it will be useful for the community as such who use AWS EKS.
[https://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/auth/STSAssumeRoleWithWebIdentitySessionCredentialsProvider.html]
[https://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/auth/STSAssumeRoleWithWebIdentitySessionCredentialsProvider.Builder.html
]
[https://aws.amazon.com/blogs/opensource/introducing-fine-grained-iam-roles-service-accounts/]
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
