Ok, Denis. I found the issue. Could you, please, create the corresponding
JIRA issue for Apache Ignite project (it looks I don't have enough rights to
do it myself).
The issue is the following (at least for Apache Ignite 1.7.0, but I guess
1.8.0 will not be any different):
- when you deploy Ignite on AWS (in clustered) you need to use
/TcpDiscoveryS3IpFinder/
- /TcpDiscoveryS3IpFinder/ only has /setAwsCredentials/ which accepts
/AWSCredentials/
- If you check the source code this is how then credentials is used
/s3 = cfg != null ? new AmazonS3Client(cred, cfg) : new
AmazonS3Client(cred);/
inside /TcpDiscoveryS3IpFinder/
- /AmazonS3Client/ has also another way to construct the client by passing
/AWSCredentialsProvider/
/
public AmazonS3Client(AWSCredentialsProvider credentialsProvider) {
this(credentialsProvider, new ClientConfiguration());
}
/
- If you pass /AWSCredentials/ in the S3 client instead it wraps in into
/StaticCredentialsProvider/ instead, i.e.
/public AmazonS3Client(AWSCredentials awsCredentials, ClientConfiguration
clientConfiguration) {
super(clientConfiguration);
this.awsCredentialsProvider = new
StaticCredentialsProvider(awsCredentials);
init();
}/
- S3 Amazon client (as all other AWS clients), never use credentials
directly, but instead call /awsCredentialsProvider.getCredentials()/ every
time credentials are required
One of the available /AWSCredentialsProvider/ is
/InstanceProfileCredentialsProvider/ which /getCredentials()/ implementation
refresh the AWS credentials if required (following EC2 instance profile
workflow):
/public AWSCredentials getCredentials() {
if (needsToLoadCredentials())
loadCredentials();
if (expired()) {
throw new AmazonClientException(
"The credentials received from the Amazon EC2 metadata
service have expired");
}
return credentials;
}/
So, the suggestion is to add support for /TcpDiscoveryS3IpFinder/ to accept
/AWSCredentialsProvider/ in addition to just only /AWSCredentials/, and then
passing it into underlying /AmazonS3Client/ (actually you can even wrap
/AWSCredentials/ into /StaticCredentialsProvider/ and always pass
/AWSCredentialsProvider/ into S3 client).
--
View this message in context:
http://apache-ignite-users.70518.x6.nabble.com/Old-AWS-SDK-version-why-tp9824p9932.html
Sent from the Apache Ignite Users mailing list archive at Nabble.com.
