[jira] [Resolved] (AIRFLOW-2807) Add support for External ID when using STS Assume Role

Bolke de Bruin (JIRA) Sat, 28 Jul 2018 08:33:08 -0700


     [ 
https://issues.apache.org/jira/browse/AIRFLOW-2807?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Bolke de Bruin resolved AIRFLOW-2807.
-------------------------------------
       Resolution: Fixed
    Fix Version/s: 2.0.0

Issue resolved by pull request #3647
[https://github.com/apache/incubator-airflow/pull/3647]

> Add support for External ID when using STS Assume Role
> ------------------------------------------------------
>
>                 Key: AIRFLOW-2807
>                 URL: https://issues.apache.org/jira/browse/AIRFLOW-2807
>             Project: Apache Airflow
>          Issue Type: Improvement
>          Components: aws, boto3, hooks
>    Affects Versions: 1.10.1
>            Reporter: Vojtech Vondra
>            Priority: Minor
>             Fix For: 2.0.0
>
>
> Currently the role assumption method works only if the granting account does 
> not specify an External ID. The external ID is used to solved the confused 
> deputy problem. When using the AWS hook to export data to multiple customers, 
> it's good security practice to use the external ID.
>  Documentation: 
> https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Resolved] (AIRFLOW-2807) Add support for External ID when using STS Assume Role

Reply via email to