[jira] [Commented] (HADOOP-16470) make last AWS credential provider in default auth chain EC2ContainerCredentialsProviderWrapper

Tue, 30 Jul 2019 05:50:34 -0700 


    [ 
https://issues.apache.org/jira/browse/HADOOP-16470?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16896102#comment-16896102
 ] 

Steve Loughran commented on HADOOP-16470:
-----------------------------------------

{code}
/**
 * <p>
 * {@link AWSCredentialsProvider} that loads credentials from an Amazon 
Container (e.g. EC2)
 *
 * Credentials are solved in the following order:
 * <ol>
 *     <li>
 *         If environment variable "AWS_CONTAINER_CREDENTIALS_RELATIVE_URI" is
 *         set (typically on EC2) it is used to hit the metadata service at the 
following endpoint: http://169.254.170.2
 *     </li>
 *     <li>
 *         If environment variable "AWS_CONTAINER_CREDENTIALS_FULL_URI" is
 *         set it is used to hit a metadata service at that URI. <br/> 
Optionally an authorization token can be included
 *         in the "Authorization" header of the request by setting the 
"AWS_CONTAINER_AUTHORIZATION_TOKEN" environment variable.
 *     </li>
 *     <li>
 *         If neither of the above environment variables are specified 
credentials are attempted to be loaded from Amazon EC2
 *         Instance Metadata Service using the {@link 
InstanceProfileCredentialsProvider}.
 *     </li>
 * </ol>
 */
{code}

> make last AWS credential provider in default auth chain 
> EC2ContainerCredentialsProviderWrapper
> ----------------------------------------------------------------------------------------------
>
>                 Key: HADOOP-16470
>                 URL: https://issues.apache.org/jira/browse/HADOOP-16470
>             Project: Hadoop Common
>          Issue Type: Sub-task
>          Components: fs/s3
>    Affects Versions: 3.3.0
>            Reporter: Steve Loughran
>            Priority: Major
>
> There's a new credential provider in the AWS SDK, 
> {{com.amazonaws.auth.EC2ContainerCredentialsProviderWrapper}}
>  this is designed to work within AWS containers as well as EC2 VMs, using env 
> vars to find container credentials first, falling back to the IAM metadata 
> service. This way, when deployed in a container or EC2 VM, it will always 
> find the session credentials for the deployed IAM Role



--
This message was sent by Atlassian JIRA
(v7.6.14#76016)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to