Ian Streeter created HUDI-7699:
----------------------------------

             Summary: Support STS external ids and configurable session names 
in the AWS StsAssumeRoleCredentialsProvider
                 Key: HUDI-7699
                 URL: https://issues.apache.org/jira/browse/HUDI-7699
             Project: Apache Hudi
          Issue Type: New Feature
            Reporter: Ian Streeter


[HUDI-6695|https://issues.apache.org/jira/browse/HUDI-6695] added an AWS 
credentials provider to support assuming a role when syncing to Glue.
    
    We use Hudi in a multi-tenant environment, and our customers give us 
delegated access to their Glue catalog.  In this multi-tenant setup it is 
important to use [an external 
ID|https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html]
 to improve security when assuming IAM roles.
    
    Furthermore, the STS session name is currently hard-coded to "hoodie".  It 
is helpful for us to have configurable session names so we have better 
traceability of what entities are creating STS sessions in the cloud.
    
    Currently, the assumed role is configured with the {{hoodie.aws.role.arn}} 
config property.  I would like to add the following extra optional config 
properties, which will be used by the 
{{HoodieConfigAWSAssumedRoleCredentialsProvider}}:
    
    - {{hoodie.aws.role.external.id}}
    - {{hoodie.aws.role.session.name}}




--
This message was sent by Atlassian Jira
(v8.20.10#820010)
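
As an added illustration (not part of the issue and not Hudi's own code), the sketch below shows how the three properties could be mapped onto an AWS SDK for Java v2 `AssumeRoleRequest`, which the SDK's `StsAssumeRoleCredentialsProvider` builder accepts through `refreshRequest(...)`. The class name and sample values are hypothetical; the session name falls back to the current "hoodie", the external ID is only set when configured, and both are checked against the length and character limits STS documents for these parameters.

```java
import java.util.Properties;
import java.util.regex.Pattern;
import software.amazon.awssdk.services.sts.model.AssumeRoleRequest;

// Hypothetical helper class, written for this example only.
public class AssumeRoleRequestFromProps {
  // Property names from the issue; the last two are the proposed additions.
  static final String ROLE_ARN = "hoodie.aws.role.arn";
  static final String EXTERNAL_ID = "hoodie.aws.role.external.id";
  static final String SESSION_NAME = "hoodie.aws.role.session.name";
  static final String DEFAULT_SESSION_NAME = "hoodie"; // current hard-coded value

  // Length and character limits documented for the STS AssumeRole parameters.
  static final Pattern SESSION_NAME_OK = Pattern.compile("[\\w+=,.@-]{2,64}");
  static final Pattern EXTERNAL_ID_OK = Pattern.compile("[\\w+=,.@:/-]{2,1224}");

  static AssumeRoleRequest build(Properties props) {
    String roleArn = props.getProperty(ROLE_ARN);
    if (roleArn == null || roleArn.isEmpty()) {
      throw new IllegalArgumentException(ROLE_ARN + " is required");
    }
    // Optional: keep today's behaviour when no session name is configured.
    String sessionName = props.getProperty(SESSION_NAME, DEFAULT_SESSION_NAME);
    if (!SESSION_NAME_OK.matcher(sessionName).matches()) {
      throw new IllegalArgumentException("invalid " + SESSION_NAME);
    }
    AssumeRoleRequest.Builder req = AssumeRoleRequest.builder()
        .roleArn(roleArn)
        .roleSessionName(sessionName);
    // Optional: only send an external ID when one is configured.
    String externalId = props.getProperty(EXTERNAL_ID);
    if (externalId != null) {
      if (!EXTERNAL_ID_OK.matcher(externalId).matches()) {
        throw new IllegalArgumentException("invalid " + EXTERNAL_ID);
      }
      req.externalId(externalId);
    }
    return req.build();
  }

  public static void main(String[] args) {
    Properties props = new Properties(); // constructed sample values
    props.setProperty(ROLE_ARN, "arn:aws:iam::111122223333:role/example-glue-sync");
    props.setProperty(EXTERNAL_ID, "example-tenant-42");
    props.setProperty(SESSION_NAME, "hudi-sync-tenant-42");
    AssumeRoleRequest req = build(props); // no call to STS is made here
    System.out.println(req.roleArn() + " " + req.roleSessionName() + " " + req.externalId());
  }
}
```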
