[
https://issues.apache.org/jira/browse/HDDS-13323?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Fabian Morgan updated HDDS-13323:
---------------------------------
Epic Name: Ozone STS AssumeRole API (was: Ozone STS)
> STS - temporary, limited-privilege credentials service
> ------------------------------------------------------
>
> Key: HDDS-13323
> URL: https://issues.apache.org/jira/browse/HDDS-13323
> Project: Apache Ozone
> Issue Type: Epic
> Reporter: Ren Koike
> Assignee: Fabian Morgan
> Priority: Major
> Labels: pull-request-available
> Attachments: sts.md
>
>
> With Amazon AWS, there is a central service called Security Token Service
> (STS) which has the ability to generate short-lived tokens to access some
> resources
> (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html).
> The STS service can be used through REST APIs.
>
> {code:java}
> ozonesecure % docker compose exec scm bash
> bash-4.4$ aws sts assume-role \
>     --role-arn arn:aws:iam::123456789012:role/MyTempAccessRole \
>     --role-session-name MyTempSession \
>     --duration-seconds 3600 \
>     --endpoint-url http://s3g:9878
>
> {
>   "Credentials":{
>     "AccessKeyId": "ASIAXRQR8WNR5SO4HQTD",
>     "SecretAccessKey": "DB0uN5ZM4STSmLbhq34soncmmvauLyexEjsM7psP",
>     "SessionToken": "H5L1Wd8+tOlttTOVBZ8PAW/kgltpFjHyhn9DKSMB1fhCs//A+bqhWiHfNSWgWbZYaXtvCeZfPxX3EV+nLH9TJRw75isDGKiA8swvQNke+QK3eVZQ/3oWuhe9PpB3IP2ydsmP61tpf+2mtfJoxHA/x5tKGZJ8dxv+9RceA/icTfw=",
>     "Expiration": "2025-06-20T11:34:29.841476383Z"
>   },
>   "AssumedRoleUser":{
>     "AssumedRoleId": "AROAVXJFKO2HQBF1E4Z0:MyTempSession",
>     "Arn": "arn:aws:iam::123456789012:role/MyTempAccessRole"
>   }
> }
> {code}
>
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
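
A client-side sanity check for a response shaped like the one quoted in the issue, as an added example (not code from the issue or from Apache Ozone): it parses the nanosecond-precision `Expiration`, confirms the lifetime does not exceed the requested `--duration-seconds`, and masks the secret fields before logging. The function names, the 60-second skew allowance, the assumed request time and the placeholder key values are assumptions.

```python
import json
import re
from datetime import datetime, timedelta, timezone

# Constructed sample in the shape of the quoted response; key values are placeholders.
SAMPLE = json.dumps({"Credentials": {
    "AccessKeyId": "EXAMPLE-ACCESS-KEY-ID",
    "SecretAccessKey": "EXAMPLE-SECRET-KEY",
    "SessionToken": "EXAMPLE-SESSION-TOKEN",
    "Expiration": "2025-06-20T11:34:29.841476383Z"}})
REQUIRED = ("AccessKeyId", "SecretAccessKey", "SessionToken", "Expiration")

def parse_expiration(value):
    """Parse a UTC timestamp, truncating nanosecond fractions to microseconds."""
    m = re.fullmatch(r"(\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d)(?:\.(\d+))?Z", value)
    if not m:
        raise ValueError(f"unexpected Expiration format: {value!r}")
    base = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S")
    micros = int((m.group(2) or "0")[:6].ljust(6, "0"))
    return base.replace(microsecond=micros, tzinfo=timezone.utc)

def check_credentials(text, requested_seconds, now, skew_seconds=60):
    """Return (expiration, problems); an empty problems list means usable."""
    creds = json.loads(text).get("Credentials") or {}
    problems = [f"missing {k}" for k in REQUIRED if not creds.get(k)]
    if problems:
        return None, problems
    expiration = parse_expiration(creds["Expiration"])
    if expiration <= now:
        problems.append("credentials already expired")
    if (expiration - now).total_seconds() > requested_seconds + skew_seconds:
        problems.append("lifetime exceeds requested duration")
    return expiration, problems

def redact(text):
    """Return the parsed response with secret material masked for logging."""
    doc = json.loads(text)
    for key in ("SecretAccessKey", "SessionToken"):
        if key in doc.get("Credentials", {}):
            doc["Credentials"][key] = "<redacted>"
    return doc

if __name__ == "__main__":
    issued = datetime(2025, 6, 20, 10, 34, 30, tzinfo=timezone.utc)  # assumed request time
    print(check_credentials(SAMPLE, 3600, issued))
    print(redact(SAMPLE))
```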