Eddie Ramirez created FLINK-34490: ------------------------------------- Summary: flink-connector-kinesis not correctly supporting credential chaining Key: FLINK-34490 URL: https://issues.apache.org/jira/browse/FLINK-34490 Project: Flink Issue Type: Bug Components: Connectors / Kinesis Affects Versions: 1.17.2, aws-connector-4.2.0 Reporter: Eddie Ramirez Attachments: Flink Credential Chaining.png
When using AWS credential chaining, `{{{}flink-connector-kinesis{}}}` does not correctly follow the chain of credentials. *Expected Result* `{{{}flink-connector-kinesis{}}}` should follow the `{{{}source_profile{}}}` for each respective profile in `{{{}~/.aws/config{}}}` to ultimately determine credentials. *Observed Result* `{{{}flink-connector-kinesis{}}}` only follows the first matching `{{{}source_profile{}}}` specified in `{{{}~/.aws/config{}}}` and then errors out because there is no credentials for that profile. {code:java} org.apache.flink.kinesis.shaded.com.amazonaws.SdkClientException: Unable to load credentials into profile [profile intermediate-role]: AWS Access Key ID is not specified {code} *Configuration* connector config {code:java} aws.credentials.provider: PROFILE aws.credentials.profile.name: flink-access-role{code} aws `{{{}~/.aws/config{}}}` file {code:java} [profile flink-access-role] role_arn = arn:aws:iam::xxxxxxxxx:role/flink-access-role source_profile = intermediate-role [profile intermediate-role] role_arn = arn:aws:iam::xxxxxxxxx:role/intermediate-role source_profile = aws-sso-role [profile aws-sso-role] sso_session = idc sso_role_name = xxxxx sso_account_id = xxxxx credential_process = aws configure export-credentials --profile=aws-sso-role [sso-session idc] sso_start_url = xxxxx sso_region = xxxxx sso_registration_scopes = sso:account:access {code} ``` -- This message was sent by Atlassian Jira (v8.20.10#820010)