[ https://issues.apache.org/jira/browse/FLINK-9686?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16531291#comment-16531291 ]
ASF GitHub Bot commented on FLINK-9686: --------------------------------------- Github user tillrohrmann commented on the issue: https://github.com/apache/flink/pull/6221 Thanks @fmthoma for addressing @tzulitai comments. Merging this PR now. > Flink Kinesis Producer: Enable Kinesis authentication via AssumeRole > -------------------------------------------------------------------- > > Key: FLINK-9686 > URL: https://issues.apache.org/jira/browse/FLINK-9686 > Project: Flink > Issue Type: Improvement > Components: Kinesis Connector > Reporter: Franz Thoma > Assignee: Franz Thoma > Priority: Major > Labels: pull-request-available > > h2. Current situation: > FlinkKinesisProducer can authenticate with Kinesis by retrieving credentials > via one of the following mechanisms: > * Environment variables > * System properties > * An AWS profile > * Directly provided credentials (\{{BASIC}}) > * AWS's own default heuristic (\{{AUTO}}) > For streaming across AWS accounts, it is considered good practise to enable > access to the remote Kinesis stream via a role, rather than passing > credentials for the remote account. > h2. Proposed change: > Add a new credentials provider specifying a role ARN, session name, and an > additional credentials provider supplying the credentials for assuming the > role. > Config example for assuming role {{<role-arn>}} with auto-detected > credentials:{{}} > {code:java} > aws.credentials.provider: ASSUME_ROLE > aws.credentials.provider.role.arn: <role-arn> > aws.credentials.provider.role.sessionName: my-session-name > aws.credentials.provider.role.provider: AUTO > {code} > {{ASSUME_ROLE}} credentials providers can be nested, i.e. it is possible to > assume a role which in turn is allowed to assume another role: > {code:java} > aws.credentials.provider: ASSUME_ROLE > aws.credentials.provider.role.arn: <role-arn> > aws.credentials.provider.role.sessionName: my-session-name > aws.credentials.provider.role.provider: ASSUME_ROLE > aws.credentials.provider.role.provider.role.arn: <nested-role-arn> > aws.credentials.provider.role.provider.role.sessionName: > my-nested-session-name > aws.credentials.provider.role.provider.role.provider: AUTO > {code} -- This message was sent by Atlassian JIRA (v7.6.3#76005)