[
https://issues.apache.org/jira/browse/YARN-9039?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16694929#comment-16694929
]
Bibin A Chundatt commented on YARN-9039:
----------------------------------------
Thank you [~suma.shivaprasad] for discussion.
# We might have to fix LogAggregationHtmlBlock#checkAcls too.
About solution for the problem, I was reading though S3 documentation. Can we
make use of IAM folder and permission control.
# Configure separate bucket for logaggregation.(remote log directory)
# Following IAM configuration for nodemanager and JHS(Deletion service runs in
JHS)
https://aws.amazon.com/blogs/security/writing-iam-policies-how-to-grant-access-to-an-amazon-s3-bucket/
For individual users folder access control using.
https://aws.amazon.com/blogs/security/writing-iam-policies-grant-access-to-user-specific-folders-in-an-amazon-s3-bucket/
Will this work ??
> App ACLs are not validated when serving logs from Logs CLI/Yarn UI2
> -------------------------------------------------------------------
>
> Key: YARN-9039
> URL: https://issues.apache.org/jira/browse/YARN-9039
> Project: Hadoop YARN
> Issue Type: Bug
> Components: log-aggregation
> Reporter: Suma Shivaprasad
> Assignee: Suma Shivaprasad
> Priority: Critical
> Attachments: YARN-9039.1.patch, YARN-9039.2.patch
>
>
> App Acls are not being validated when serving logs through YARN CLI.
> This also applies while serving logs through YARN UIV2 through ATSV2 Log
> Webservice
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
---------------------------------------------------------------------
To unsubscribe, e-mail: yarn-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: yarn-issues-h...@hadoop.apache.org
