[
https://issues.apache.org/jira/browse/BEAM-10850?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17236328#comment-17236328
]
Tun Chang commented on BEAM-10850:
----------------------------------
[~aromanenko]
This is the example code that I tried out.
Pipeline options setup:
{code:java}
options.setAwsCredentialsProvider(
new STSAssumeRoleSessionCredentialsProvider
.Builder(options.getAwsRoleArn().get(),
options.getAwsRoleSession().get())
.withExternalId(options.getAwsExternalId().get())
.withStsClient(AWSSecurityTokenServiceClientBuilder.standard()
.withCredentials(
new AWSStaticCredentialsProvider(
new BasicAWSCredentials(
options.getAwsAccessKey().get(),
options.getAwsSecretKey().get())))
.withRegion(options.getAwsRegion().get())
.build())
.build());
{code}
AWS SDK call in
{noformat}
org.apache.beam.sdk.io.aws.options.AwsModule{noformat}
{code:java}
@Override
public AWSCredentialsProvider deserializeWithType(
JsonParser jsonParser, DeserializationContext context, TypeDeserializer
typeDeserializer)
throws IOException {
Map<String, String> asMap =
jsonParser.readValueAs(new TypeReference<Map<String, String>>() {});
String typeNameKey = typeDeserializer.getPropertyName();
String typeName = asMap.get(typeNameKey);
if (typeName == null) {
throw new IOException(
String.format("AWS credentials provider type name key '%s' not
found", typeNameKey));
}
if (typeName.equals(AWSStaticCredentialsProvider.class.getSimpleName())) {
return new AWSStaticCredentialsProvider(
new BasicAWSCredentials(asMap.get(AWS_ACCESS_KEY_ID),
asMap.get(AWS_SECRET_KEY)));
} else if
(typeName.equals(PropertiesFileCredentialsProvider.class.getSimpleName())) {
return new
PropertiesFileCredentialsProvider(asMap.get(CREDENTIALS_FILE_PATH));
} else if (typeName.equals(
ClasspathPropertiesFileCredentialsProvider.class.getSimpleName())) {
return new
ClasspathPropertiesFileCredentialsProvider(asMap.get(CREDENTIALS_FILE_PATH));
} else if
(typeName.equals(DefaultAWSCredentialsProviderChain.class.getSimpleName())) {
return new DefaultAWSCredentialsProviderChain();
} else if
(typeName.equals(EnvironmentVariableCredentialsProvider.class.getSimpleName()))
{
return new EnvironmentVariableCredentialsProvider();
} else if
(typeName.equals(SystemPropertiesCredentialsProvider.class.getSimpleName())) {
return new SystemPropertiesCredentialsProvider();
} else if
(typeName.equals(ProfileCredentialsProvider.class.getSimpleName())) {
return new ProfileCredentialsProvider();
} else if
(typeName.equals(EC2ContainerCredentialsProviderWrapper.class.getSimpleName()))
{
return new EC2ContainerCredentialsProviderWrapper();
} else if
(typeName.equals(STSAssumeRoleSessionCredentialsProvider.class.getSimpleName()))
{
return new STSAssumeRoleSessionCredentialsProvider.Builder(
asMap.get(ROLE_ARN), asMap.get(ROLE_SESSION_NAME))
.withExternalId(asMap.get(EXTERNAL_ID))
.withStsClient(
AWSSecurityTokenServiceClientBuilder.standard()
.withCredentials(
new AWSStaticCredentialsProvider(
new BasicAWSCredentials(
asMap.get(AWS_ACCESS_KEY_ID),
asMap.get(AWS_SECRET_KEY))))
.withRegion(asMap.get(AWS_REGION))
.build())
.build();
} else {
throw new IOException(
String.format("AWS credential provider type '%s' is not supported",
typeName));
}
}
}
{code}
> Ability to set S3 object ACL when uploading
> -------------------------------------------
>
> Key: BEAM-10850
> URL: https://issues.apache.org/jira/browse/BEAM-10850
> Project: Beam
> Issue Type: Improvement
> Components: io-java-aws
> Affects Versions: 2.23.0
> Reporter: Tun Chang
> Priority: P3
>
> I am using an AWS account to write to S3. However, the bucket owner doesn't
> have the access to the objects I uploaded. I'd like to set the object ACL to
> bucket-owner-full-control so that the bucket owner would have the full
> control over the objects I uploaded.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
