[ https://issues.apache.org/jira/browse/HADOOP-12807?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15317370#comment-15317370 ]
Tobin Baker commented on HADOOP-12807: -------------------------------------- Thanks so much for getting this in, and sorry for slacking off on the tests! I don't think our CI configuration exposes us to much risk since the IAM user whose env vars are encrypted in our {{.travis.yml}} file has no permissions except read/write access to a dedicated test data S3 bucket. Also, our Travis account is restricted to users with write privileges on our Github repo, which is confined to our team. > S3AFileSystem should read AWS credentials from environment variables > -------------------------------------------------------------------- > > Key: HADOOP-12807 > URL: https://issues.apache.org/jira/browse/HADOOP-12807 > Project: Hadoop Common > Issue Type: Improvement > Components: fs/s3 > Affects Versions: 2.7.2 > Reporter: Tobin Baker > Assignee: Tobin Baker > Priority: Minor > Fix For: 2.8.0 > > Attachments: HADOOP-12807-1.patch, HADOOP-12807-branch-2-004.patch > > > Unlike the {{DefaultAWSCredentialsProviderChain}} in the AWS SDK, the > {{AWSCredentialsProviderChain}} constructed by {{S3AFileSystem}} does not > include an {{EnvironmentVariableCredentialsProvider}} instance. This prevents > users from supplying AWS credentials in the environment variables > {{AWS_ACCESS_KEY_ID}} and {{AWS_SECRET_ACCESS_KEY}}, which is the only > alternative in some scenarios. > In my scenario, I need to access S3 from within a test running in a CI > environment that does not support IAM roles but does allow me to supply > encrypted environment variables. Thus, the only secure approach I can use is > to supply my AWS credentials in environment variables (plaintext > configuration files are out of the question). -- This message was sent by Atlassian JIRA (v6.3.4#6332) --------------------------------------------------------------------- To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org