[
https://issues.apache.org/jira/browse/HADOOP-17188?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Steve Loughran updated HADOOP-17188:
------------------------------------
Priority: Minor (was: Major)
> Support for AWS STSAssumeRoleWithWebIdentitySessionCredentialsProvider based
> credential provider to support use of IRSA on deployments on AWS EKS Cluster
> ---------------------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: HADOOP-17188
> URL: https://issues.apache.org/jira/browse/HADOOP-17188
> Project: Hadoop Common
> Issue Type: Improvement
> Components: fs/s3
> Reporter: Arun Ravi M V
> Priority: Minor
>
> The latest version of AWS SDK has support to use IRSA for providing
> credentials to Kubernetes pods which can potentially replace the use of
> Kube2IAM. For our Apache Spark on Kubernetes use cases, this feature will be
> useful. The current Hadoop AWS component does support adding custom
> credential provider but I think if we could add
> STSAssumeRoleWithWebIdentitySessionCredentialsProvider support to (using
> roleArn, role session name, web Identity Token File) to the hadoop-aws
> library, it will be useful for the community as such who use AWS EKS.
> [https://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/auth/STSAssumeRoleWithWebIdentitySessionCredentialsProvider.html]
> [https://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/auth/STSAssumeRoleWithWebIdentitySessionCredentialsProvider.Builder.html
> ]
> [https://aws.amazon.com/blogs/opensource/introducing-fine-grained-iam-roles-service-accounts/]
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: common-issues-unsubscr...@hadoop.apache.org
For additional commands, e-mail: common-issues-h...@hadoop.apache.org
