[
https://issues.apache.org/jira/browse/HDDS-13323?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Fabian Morgan updated HDDS-13323:
---------------------------------
Target Version/s: (was: 2.2.0)
> STS - temporary, limited-privilege credentials service
> ------------------------------------------------------
>
> Key: HDDS-13323
> URL: https://issues.apache.org/jira/browse/HDDS-13323
> Project: Apache Ozone
> Issue Type: Epic
> Reporter: Ren Koike
> Assignee: Fabian Morgan
> Priority: Major
> Labels: pull-request-available
> Attachments: sts.md
>
>
> With Amazon AWS, there is a central service called Security Token Service
> (STS) which has the ability to generate short-lived tokens to access some
> resources
> (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html).
> The STS service can be used through REST APIs.
> {code:java}
> ozonesecure % docker compose exec scm bash
> bash-5.1$ aws sts assume-role \
>     --role-arn arn:aws:iam::123456789012:role/iceberg-data-all-access \
>     --role-session-name "iceberg-session-with-policy" \
>     --policy "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Action\":\"s3:GetObject\",\"Resource\":\"arn:aws:s3:::iceberg\/*\"}]}" \
>     --duration-seconds 1800 \
>     --endpoint-url http://s3g:9880/sts
> {
>     "Credentials": {
>         "AccessKeyId": "ASIAJQAUS29ZJBFI7FMHJ0ZA",
>         "SecretAccessKey": "AGiBdW9ezwAzI6cY3WimEIgAe+uavFpdhyEWMRwy",
>         "SessionToken": "jgI8CAMaGEFTSUFKUUFVUzI5WkpCRkk3Rk1ISjBaQTjm1-...",
>         "Expiration": "2026-02-10T22:46:01Z"
>     },
>     "AssumedRoleUser": {
>         "AssumedRoleId": "AROAG7DON49097XT1AOY:iceberg-session-with-policy",
>         "Arn": "arn:aws:sts::123456789012:assumed-role/iceberg-data-all-access/iceberg-session-with-policy"
>     }
> }
> {code}
>