flink-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (FLINK-9686) Flink Kinesis Producer: Enable Kinesis authentication via AssumeRole
Date Wed, 04 Jul 2018 05:54:00 GMT

    [ https://issues.apache.org/jira/browse/FLINK-9686?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16532280#comment-16532280
] 

ASF GitHub Bot commented on FLINK-9686:
---------------------------------------

Github user asfgit closed the pull request at:

    https://github.com/apache/flink/pull/6221


> Flink Kinesis Producer: Enable Kinesis authentication via AssumeRole
> --------------------------------------------------------------------
>
>                 Key: FLINK-9686
>                 URL: https://issues.apache.org/jira/browse/FLINK-9686
>             Project: Flink
>          Issue Type: Improvement
>          Components: Kinesis Connector
>            Reporter: Franz Thoma
>            Assignee: Franz Thoma
>            Priority: Major
>              Labels: pull-request-available
>
> h2. Current situation:
> FlinkKinesisProducer can authenticate with Kinesis by retrieving credentials via one
of the following mechanisms:
>  * Environment variables
>  * System properties
>  * An AWS profile
>  * Directly provided credentials (\{{BASIC}})
>  * AWS's own default heuristic (\{{AUTO}})
> For streaming across AWS accounts, it is considered good practise to enable access to
the remote Kinesis stream via a role, rather than passing credentials for the remote account.
> h2. Proposed change:
> Add a new credentials provider specifying a role ARN, session name, and an additional
credentials provider supplying the credentials for assuming the role.
> Config example for assuming role {{<role-arn>}} with auto-detected credentials:{{}}
> {code:java}
> aws.credentials.provider: ASSUME_ROLE
> aws.credentials.provider.role.arn: <role-arn>
> aws.credentials.provider.role.sessionName: my-session-name
> aws.credentials.provider.role.provider: AUTO
> {code}
> {{ASSUME_ROLE}} credentials providers can be nested, i.e. it is possible to assume a
role which in turn is allowed to assume another role:
> {code:java}
> aws.credentials.provider: ASSUME_ROLE
> aws.credentials.provider.role.arn: <role-arn>
> aws.credentials.provider.role.sessionName: my-session-name
> aws.credentials.provider.role.provider: ASSUME_ROLE
> aws.credentials.provider.role.provider.role.arn: <nested-role-arn>
> aws.credentials.provider.role.provider.role.sessionName: my-nested-session-name
> aws.credentials.provider.role.provider.role.provider: AUTO
> {code}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message