[jira] [Commented] (HADOOP-17188) Support for AWS STSAssumeRoleWithWebIdentitySessionCredentialsProvider based credential provider to support use of IRSA on deployments on AWS EKS Cluster

Arun Ravi M V (Jira) Wed, 02 Sep 2020 19:22:18 -0700


    [ 
https://issues.apache.org/jira/browse/HADOOP-17188?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17189791#comment-17189791
 ]


Arun Ravi M V commented on HADOOP-17188:
----------------------------------------

Here is the Jira ticket and pull request.

https://issues.apache.org/jira/browse/SPARK-27872

[https://github.com/apache/spark/pull/24748]

> Support for AWS STSAssumeRoleWithWebIdentitySessionCredentialsProvider based 
> credential provider to support use of IRSA on deployments on AWS EKS Cluster
> ---------------------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: HADOOP-17188
>                 URL: https://issues.apache.org/jira/browse/HADOOP-17188
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: fs/s3
>    Affects Versions: 3.3.0
>            Reporter: Arun Ravi M V
>            Priority: Minor
>
> The latest version of AWS SDK has support to use IRSA for providing 
> credentials to Kubernetes pods which can potentially replace the use of 
> Kube2IAM. For our Apache Spark on Kubernetes use cases, this feature will be 
> useful. The current Hadoop AWS component does support adding custom 
> credential provider but I think if we could add 
> STSAssumeRoleWithWebIdentitySessionCredentialsProvider support to (using 
> roleArn, role session name, web Identity Token File) to the hadoop-aws 
> library, it will be useful for the community as such who use AWS EKS.
> [https://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/auth/STSAssumeRoleWithWebIdentitySessionCredentialsProvider.html]
> [https://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/auth/STSAssumeRoleWithWebIdentitySessionCredentialsProvider.Builder.html
> ] 
> [https://aws.amazon.com/blogs/opensource/introducing-fine-grained-iam-roles-service-accounts/]



--
This message was sent by Atlassian Jira
(v8.3.4#803005)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

[jira] [Commented] (HADOOP-17188) Support for AWS STSAssumeRoleWithWebIdentitySessionCredentialsProvider based credential provider to support use of IRSA on deployments on AWS EKS Cluster

Reply via email to