flink-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (FLINK-8439) Document using a custom AWS Credentials Provider with flink-3s-fs-hadoop
Date Fri, 27 Jul 2018 09:12:00 GMT

    [ https://issues.apache.org/jira/browse/FLINK-8439?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16559452#comment-16559452

ASF GitHub Bot commented on FLINK-8439:

aljoscha commented on issue #6405: [FLINK-8439] Add Flink shading to AWS credential provider
s3 hadoop c…
URL: https://github.com/apache/flink/pull/6405#issuecomment-408360780
   Thanks! This looks good now. I'll merge once Travis is green. ūüĎĆ 

This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:

> Document using a custom AWS Credentials Provider with flink-3s-fs-hadoop
> ------------------------------------------------------------------------
>                 Key: FLINK-8439
>                 URL: https://issues.apache.org/jira/browse/FLINK-8439
>             Project: Flink
>          Issue Type: Improvement
>          Components: Documentation
>            Reporter: Dyana Rose
>            Assignee: Andrey Zagrebin
>            Priority: Critical
>              Labels: pull-request-available
>             Fix For: 1.4.3, 1.5.3
> This came up when using the s3 for the file system backend and running under ECS.
> With no credentials in the container, hadoop-aws will default to EC2 instance level credentials
when accessing S3. However when running under ECS, you will generally want to default to the
task definition's IAM role.
> In this case you need to set the hadoop property
> {code:java}
> fs.s3a.aws.credentials.provider{code}
> to a fully qualified class name(s). see [hadoop-aws docs|https://github.com/apache/hadoop/blob/1ba491ff907fc5d2618add980734a3534e2be098/hadoop-tools/hadoop-aws/src/site/markdown/tools/hadoop-aws/index.md]
> This works as expected when you add this setting to flink-conf.yaml but there is a further
'gotcha.'  Because the AWS sdk is shaded, the actual full class name for, in this case, the ContainerCredentialsProvider
> {code:java}
> org.apache.flink.fs.s3hadoop.shaded.com.amazonaws.auth.ContainerCredentialsProvider{code}
> meaning the full setting is:
> {code:java}
> fs.s3a.aws.credentials.provider: org.apache.flink.fs.s3hadoop.shaded.com.amazonaws.auth.ContainerCredentialsProvider{code}
> If you instead set it to the unshaded class name you will see a very confusing error
stating that the ContainerCredentialsProvider doesn't implement AWSCredentialsProvider (which
it most certainly does.)
> Adding this information (how to specify alternate Credential Providers, and the name
space gotcha) to the [AWS deployment docs|https://ci.apache.org/projects/flink/flink-docs-release-1.4/ops/deployment/aws.html] would
be useful to anyone else using S3.

This message was sent by Atlassian JIRA

View raw message