[
https://issues.apache.org/jira/browse/HADOOP-15672?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Steve Loughran resolved HADOOP-15672.
-------------------------------------
Fix Version/s: 3.3.0
Resolution: Duplicate
> add s3guard CLI command to generate session keys for an assumed role
> --------------------------------------------------------------------
>
> Key: HADOOP-15672
> URL: https://issues.apache.org/jira/browse/HADOOP-15672
> Project: Hadoop Common
> Issue Type: Sub-task
> Components: fs/s3
> Affects Versions: 3.2.0
> Reporter: Steve Loughran
> Priority: Minor
> Fix For: 3.3.0
>
>
> the aws cli
> [get-session-token|https://docs.aws.amazon.com/cli/latest/reference/sts/get-session-token.html]
> can generate the keys for short-lived session.
> I'd like something similar in an s3guard command, e.g. "create-role-keys",
> which would take the existing (full) credentials and optionally:
> * ARN of role to adopt
> * duration
> * name
> * restrictions as path to a JSON file or just stdin
> * output format
> * whether to use a per-bucket binding for the credentials in the property
> names generated
> * MFA secrets
> output formats
> * A JCEKS file (with chosen passwd? For better hive use: append/replace
> entries in existing file); saved through the hadoop FS APIs to HDFS, file://
> or elsewhere
> * hadoop config XML
> * spark properties
> The goal here is to have a workflow where you can generate role credentials
> to use for a limited time, store them in a JCEKS file and then share them in
> your jobs. This can be for: Jenkins, Oozie, build files, ..
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: common-dev-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-dev-h...@hadoop.apache.org
