pgagnon opened a new pull request, #29623: URL: https://github.com/apache/airflow/pull/29623
This PR implements a new `web_identity_token_loader` for the AWS connection `AssumeRoleWithWebIdentity` authentication mechanism that fetches the access token from a location on the Airflow instance's filesystem. This can be especially useful for Kubernetes environments with the [Service Account Volume Projection](https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/#service-account-token-volume-projection) feature enabled. This is similar to the built-in boto mechanism configured through the `AWS_ROLE_ARN` and `AWS_WEB_IDENTITY_TOKEN_FILE` environment variables but is much more flexible as it can be configured individually at the Airflow connection level. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
