[
https://issues.apache.org/jira/browse/BEAM-13956?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17493344#comment-17493344
]
Moritz Mack commented on BEAM-13956:
------------------------------------
[~i_maravic] So rather than having an environment with minimal default
credentials for AWS (just enough to support STS assume creds), you would like
to configure the STS client of the _StsAssumeRoleCredentialsProvider_ with
custom credentials (e.g. static secrets), right?
Such builder options are stored in the AttributeMap of SdkClientConfiguration.
It wouldn't be too bad to serialize a set of basic options (region, credentials
provider, endpoint) if different from defaults.
If serialized to a ClientConfiguration introduced in BEAM-13563
([https://github.com/apache/beam/pull/16760)|https://github.com/apache/beam/pull/16760]
it should be fairly straight forward to then build the StsClient accordingly.
Though, that's current work in progress
> Serialize/deserialize used StsClient when serializing/deserializing
> StsAssumeRoleCredentialsProvider
> ----------------------------------------------------------------------------------------------------
>
> Key: BEAM-13956
> URL: https://issues.apache.org/jira/browse/BEAM-13956
> Project: Beam
> Issue Type: Improvement
> Components: io-java-aws
> Reporter: Igor Maravić
> Priority: P3
> Labels: aws, aws-sdk-v2
>
> To use _StsAssumeRoleCredentialsProvider_ from the environment that doesn't
> have access to AWS defaults credentials one needs to provide configured
> _StsClient_ to {_}StsAssumeRoleCredentialsProvider{_}.
> If we don't serialize and consequently deserialize _StsClient_ that was
> provided to _StsAssumeRoleCredentialsProvider,_ we're not going to be able to
> use _StsAssumeRoleCredentialsProvider_ from the Beam pipeline.
> The goal of this ticket is to introduce this functionality.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)
