[
https://issues.apache.org/jira/browse/HUDI-7699?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Danny Chen updated HUDI-7699:
-----------------------------
Fix Version/s: 1.0.0
> Support STS external ids and configurable session names in the AWS
> StsAssumeRoleCredentialsProvider
> ---------------------------------------------------------------------------------------------------
>
> Key: HUDI-7699
> URL: https://issues.apache.org/jira/browse/HUDI-7699
> Project: Apache Hudi
> Issue Type: New Feature
> Reporter: Ian Streeter
> Priority: Major
> Labels: pull-request-available
> Fix For: 1.0.0
>
>
> [HUDI-6695|https://issues.apache.org/jira/browse/HUDI-6695] added a AWS
> credentials provider to support assuming a role when syncing to Glue.
>
> We use Hudi in a multi-tenant environment, and our customers give us
> delegated access to their Glue catalog. In this multi-tenant setup it is
> important to use [an external
> ID|https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html]
> to improve security when assuming IAM roles.
>
> Furthermore, the STS session name is currently hard-coded to "hoodie".
> It is helpful for us to have configurable session names so we have better
> tracability of what entities are creating STS sessions in the cloud.
>
> Currently, the assumed role is configured with the
> {{hoodie.aws.role.arn}} config property. I would like to add the following
> extra optional config properties, which will be used by the
> {{HoodieConfigAWSAssumedRoleCredentialsProvider}}:
>
> - {{hoodie.aws.role.external.id}}
> - {{hoodie.aws.role.session.name}}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
