[incubator-druid] branch master updated: Add doc for S3 permissions settings (#7011)

Tue, 05 Feb 2019 11:52:57 -0800 

This is an automated email from the ASF dual-hosted git repository.

fjy pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-druid.git


The following commit(s) were added to refs/heads/master by this push:
     new 75c70c2  Add doc for S3 permissions settings (#7011)
75c70c2 is described below

commit 75c70c2ccc1feb064be63708557316bc4e1585ae
Author: Jihoon Son <[email protected]>
AuthorDate: Tue Feb 5 11:52:09 2019 -0800

    Add doc for S3 permissions settings (#7011)
    
    * Add doc for S3 permissions settings
    
    * add a comment about additional settings
---
 docs/content/configuration/index.md            | 3 ++-
 docs/content/development/extensions-core/s3.md | 6 ++++++
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/docs/content/configuration/index.md 
b/docs/content/configuration/index.md
index c63eb41..639bb45 100644
--- a/docs/content/configuration/index.md
+++ b/docs/content/configuration/index.md
@@ -536,6 +536,7 @@ This deep storage doesn't do anything. There are no configs.
 #### S3 Deep Storage
 
 This deep storage is used to interface with Amazon's S3. Note that the 
`druid-s3-extensions` extension must be loaded.
+The below table shows some important configurations for S3. See [S3 Deep 
Storage](../development/extensions-core/s3.html) for full configurations.
 
 |Property|Description|Default|
 |--------|-----------|-------|
@@ -543,7 +544,7 @@ This deep storage is used to interface with Amazon's S3. 
Note that the `druid-s3
 |`druid.s3.secretKey`|The secret key to use to access S3.|none|
 |`druid.storage.bucket`|S3 bucket name.|none|
 |`druid.storage.baseKey`|S3 object key prefix for storage.|none|
-|`druid.storage.disableAcl`|Boolean flag for ACL.|false|
+|`druid.storage.disableAcl`|Boolean flag for ACL. If this is set to `false`, 
the full control would be granted to the bucket owner. This may require to set 
additional permissions. See [S3 permissions 
settings](../development/extensions-core/s3.html#s3-permissions-settings).|false|
 |`druid.storage.archiveBucket`|S3 bucket name for archiving when running the 
*archive task*.|none|
 |`druid.storage.archiveBaseKey`|S3 object key prefix for archiving.|none|
 |`druid.storage.useS3aSchema`|If true, use the "s3a" filesystem when using 
Hadoop-based ingestion. If false, the "s3n" filesystem will be used. Only 
affects Hadoop-based ingestion.|false|
diff --git a/docs/content/development/extensions-core/s3.md 
b/docs/content/development/extensions-core/s3.md
index cead6cd..53e5df9 100644
--- a/docs/content/development/extensions-core/s3.md
+++ b/docs/content/development/extensions-core/s3.md
@@ -45,6 +45,7 @@ As an example, to set the region to 'us-east-1' through 
system properties:
 |`druid.s3.secretKey`|S3 secret key.|Must be set.|
 |`druid.storage.bucket`|Bucket to store in.|Must be set.|
 |`druid.storage.baseKey`|Base key prefix to use, i.e. what directory.|Must be 
set.|
+|`druid.storage.disableAcl`|Boolean flag to disable ACL. If this is set to 
`false`, the full control would be granted to the bucket owner. This may 
require to set additional permissions. See [S3 permissions 
settings](#s3-permissions-settings).|false|
 |`druid.storage.sse.type`|Server-side encryption type. Should be one of `s3`, 
`kms`, and `custom`. See the below [Server-side encryption 
section](#server-side-encryption) for more details.|None|
 |`druid.storage.sse.kms.keyId`|AWS KMS key ID. Can be empty if 
`druid.storage.sse.type` is `kms`.|None|
 |`druid.storage.sse.custom.base64EncodedKey`|Base64-encoded key. Should be 
specified if `druid.storage.sse.type` is `custom`.|None|
@@ -59,6 +60,11 @@ As an example, to set the region to 'us-east-1' through 
system properties:
 |`druid.s3.proxy.username`|User name to use when connecting through a 
proxy.|None|
 |`druid.s3.proxy.password`|Password to use when connecting through a 
proxy.|None|
 
+### S3 permissions settings
+
+`s3:GetObject` and `s3:PutObject` are basically required for pushing/loading 
segments to/from S3.
+If `druid.storage.disableAcl` is set to `false`, then `s3:GetBucketAcl` and 
`s3:PutObjectAcl` are additionally required to set ACL for objects.
+
 ## Server-side encryption
 
 You can enable [server-side 
encryption](https://docs.aws.amazon.com/AmazonS3/latest/dev/serv-side-encryption.html)
 by setting


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to