Arun Ravi M V created HADOOP-17188: -------------------------------------- Summary: Support for AWS STSAssumeRoleWithWebIdentitySessionCredentialsProvider based credential provider to support use of IRSA on deployments on AWS EKS Cluster Key: HADOOP-17188 URL: https://issues.apache.org/jira/browse/HADOOP-17188 Project: Hadoop Common Issue Type: Improvement Components: fs/s3 Reporter: Arun Ravi M V
The latest version of AWS SDK has support to use IRSA for providing credentials to Kubernetes pods which can potentially replace the use of Kube2IAM. For our Apache Spark on Kubernetes use cases, this feature will be useful. The current Hadoop AWS component does support adding custom credential provider but I think if we could add STSAssumeRoleWithWebIdentitySessionCredentialsProvider support to (using roleArn, role session name, web Identity Token File) to the hadoop-aws library, it will be useful for the community as such who use AWS EKS. [https://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/auth/STSAssumeRoleWithWebIdentitySessionCredentialsProvider.html] [https://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/auth/STSAssumeRoleWithWebIdentitySessionCredentialsProvider.Builder.html ] [https://aws.amazon.com/blogs/opensource/introducing-fine-grained-iam-roles-service-accounts/] -- This message was sent by Atlassian Jira (v8.3.4#803005) --------------------------------------------------------------------- To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org For additional commands, e-mail: common-issues-h...@hadoop.apache.org