mosche opened a new issue, #23260: URL: https://github.com/apache/beam/issues/23260
### What would you like to happen? Users can programmatically set credential providers for AWS via options. However, only a limited subset of providers and configurations is supported. During serialization unsupported configurations are silently dropped causing confusing issues at runtime. The actual root cause is difficult to discover then. Instead, usage of unsupported configurations should be detected and fail with an appropriate message during serialization. Related to https://github.com/apache/beam/issues/23206 These providers rely on the system's environment to follow AWS conventions, there's no further configuration supported: - [DefaultCredentialsProvider](https://static.javadoc.io/software.amazon.awssdk/auth/2.17.127/software/amazon/awssdk/auth/credentials/DefaultCredentialsProvider.html?is-external=true) - [EnvironmentVariableCredentialsProvider](https://static.javadoc.io/software.amazon.awssdk/auth/2.17.127/software/amazon/awssdk/auth/credentials/EnvironmentVariableCredentialsProvider.html?is-external=true) - [SystemPropertyCredentialsProvider](https://static.javadoc.io/software.amazon.awssdk/auth/2.17.127/software/amazon/awssdk/auth/credentials/SystemPropertyCredentialsProvider.html?is-external=true) - [ProfileCredentialsProvider](https://static.javadoc.io/software.amazon.awssdk/auth/2.17.127/software/amazon/awssdk/auth/credentials/ProfileCredentialsProvider.html?is-external=true) - [ContainerCredentialsProvider](https://static.javadoc.io/software.amazon.awssdk/auth/2.17.127/software/amazon/awssdk/auth/credentials/ContainerCredentialsProvider.html?is-external=true) Example: ``` --awsCredentialsProvider={"@type": "ProfileCredentialsProvider"} ``` Some other providers require additional configuration: - [StaticCredentialsProvider](https://static.javadoc.io/software.amazon.awssdk/auth/2.17.127/software/amazon/awssdk/auth/credentials/StaticCredentialsProvider.html?is-external=true) - [StsAssumeRoleCredentialsProvider](https://static.javadoc.io/software.amazon.awssdk/sts/2.17.127/software/amazon/awssdk/services/sts/auth/StsAssumeRoleCredentialsProvider.html?is-external=true) Examples: ``` --awsCredentialsProvider={ "@type": "StaticCredentialsProvider", "awsAccessKeyId": "key_id_value", "awsSecretKey": "secret_value" } ``` ``` --awsCredentialsProvider={ "@type": "StaticCredentialsProvider", "awsAccessKeyId": "key_id_value", "awsSecretKey": "secret_value", "sessionToken": "token_value" } ``` ``` --awsCredentialsProvider={ "@type": "StsAssumeRoleCredentialsProvider", "roleArn": "role_arn_Value", "roleSessionName": "session_name_value", "policy": "policy_value", "durationSeconds": 3600 } ``` ### Issue Priority Priority: 2 ### Issue Component Component: io-java-aws -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
