[
https://issues.apache.org/jira/browse/HADOOP-16573?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16929220#comment-16929220
]
Steve Loughran commented on HADOOP-16573:
-----------------------------------------
we're not actually asking for all admin permissions in the role.
I'm going to propose we do ask for all permissons, and rely on role-level
restrictions instead, which is the way to be 100% confident that everyone in
that role lacks the rights
> IAM role created by S3A DT doesn't include DynamoDB scan
> --------------------------------------------------------
>
> Key: HADOOP-16573
> URL: https://issues.apache.org/jira/browse/HADOOP-16573
> Project: Hadoop Common
> Issue Type: Sub-task
> Components: fs/s3
> Affects Versions: 3.3.0
> Reporter: Steve Loughran
> Priority: Minor
>
> You can't run {{s3guard prune}} with role DTs as we don't create it with
> permissons to do so.
> I think it may actually be useful to have an option where we don't restrict
> the role. This doesn't just help with debugging, it would let things like SQS
> integration pick up the creds from S3A.
--
This message was sent by Atlassian Jira
(v8.3.2#803003)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
