Return-Path: X-Original-To: apmail-hadoop-common-issues-archive@minotaur.apache.org Delivered-To: apmail-hadoop-common-issues-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id B51A510F32 for ; Thu, 7 May 2015 09:54:00 +0000 (UTC) Received: (qmail 86737 invoked by uid 500); 7 May 2015 09:54:00 -0000 Delivered-To: apmail-hadoop-common-issues-archive@hadoop.apache.org Received: (qmail 86683 invoked by uid 500); 7 May 2015 09:54:00 -0000 Mailing-List: contact common-issues-help@hadoop.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: common-issues@hadoop.apache.org Delivered-To: mailing list common-issues@hadoop.apache.org Received: (qmail 86671 invoked by uid 99); 7 May 2015 09:54:00 -0000 Received: from arcas.apache.org (HELO arcas.apache.org) (140.211.11.28) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 07 May 2015 09:54:00 +0000 Date: Thu, 7 May 2015 09:54:00 +0000 (UTC) From: "Steve Loughran (JIRA)" To: common-issues@hadoop.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Updated] (HADOOP-9384) Update S3 native fs implementation to use AWS SDK to support authorization through roles MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/HADOOP-9384?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Steve Loughran updated HADOOP-9384: ----------------------------------- Resolution: Won't Fix Fix Version/s: 2.7.1 Assignee: (was: D. Granit) Status: Resolved (was: Patch Available) I'm closing this as a wontfix; s3a is the aws-tookit based successor to s3n, s3n is sensitive enough to change that we're scared of touching it out of fear of introducing yet-another-regression. thanks for your contribution...don't be afraid to submit changes to the s3a code to suit your need, as that one we are actively evolving/tuning. Even testing is welcome. > Update S3 native fs implementation to use AWS SDK to support authorization through roles > ---------------------------------------------------------------------------------------- > > Key: HADOOP-9384 > URL: https://issues.apache.org/jira/browse/HADOOP-9384 > Project: Hadoop Common > Issue Type: Improvement > Components: fs/s3 > Environment: Locally: RHEL 6, AWS S3 > Remotely: AWS EC2 (RHEL 6), AWS S3 > Reporter: D. Granit > Priority: Minor > Labels: BB2015-05-TBR > Fix For: 2.7.1 > > Attachments: HADOOP-9384-v2.patch, HADOOP-9384.patch > > > Currently the S3 native implementation {{org.apache.hadoop.fs.s3native.Jets3tNativeFileSystemStore}} requires credentials to be set explicitly. Amazon allows setting credentials for instances instead of users, via roles. Such are rotated frequently and kept in a local cache all of which is handled by the AWS SDK in this case the {{AmazonS3Client}}. The SDK follows a specific order to establish whether credentials are set explicitly or via a role: > - Environment Variables: AWS_ACCESS_KEY_ID and AWS_SECRET_KEY > - Java System Properties: aws.accessKeyId and aws.secretKey > - Instance Metadata Service, which provides the credentials associated with the IAM role for the EC2 instance > as seen in http://docs.aws.amazon.com/IAM/latest/UserGuide/role-usecase-ec2app.html > To support this feature the current {{NativeFileSystemStore}} implementation needs to be altered to use the AWS SDK instead of the JetS3t S3 libraries. > A request for this feature has previously been raised as part of the Flume project (FLUME-1691) where the HDFS on top of S3 implementation is used as a manner of logging into S3 via an HDFS Sink. -- This message was sent by Atlassian JIRA (v6.3.4#6332)