hadoop-common-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Tobin Baker (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (HADOOP-12807) S3AFileSystem should read AWS credentials from environment variables
Date Wed, 17 Feb 2016 04:23:18 GMT

     [ https://issues.apache.org/jira/browse/HADOOP-12807?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel

Tobin Baker updated HADOOP-12807:
    Fix Version/s: 2.7.3
     Release Note: Adds support to S3AFileSystem for reading AWS credentials from environment
           Status: Patch Available  (was: Open)

> S3AFileSystem should read AWS credentials from environment variables
> --------------------------------------------------------------------
>                 Key: HADOOP-12807
>                 URL: https://issues.apache.org/jira/browse/HADOOP-12807
>             Project: Hadoop Common
>          Issue Type: Improvement
>          Components: fs/s3
>    Affects Versions: 2.7.2
>            Reporter: Tobin Baker
>            Priority: Minor
>              Labels: security
>             Fix For: 2.7.3
>         Attachments: HADOOP-12807-1.patch
> Unlike the {{DefaultAWSCredentialsProviderChain}} in the AWS SDK, the {{AWSCredentialsProviderChain}}
constructed by {{S3AFileSystem}} does not include an {{EnvironmentVariableCredentialsProvider}}
instance. This prevents users from supplying AWS credentials in the environment variables
{{AWS_ACCESS_KEY_ID}} and {{AWS_SECRET_ACCESS_KEY}}, which is the only alternative in some
> In my scenario, I need to access S3 from within a test running in a CI environment that
does not support IAM roles but does allow me to supply encrypted environment variables. Thus,
the only secure approach I can use is to supply my AWS credentials in environment variables
(plaintext configuration files are out of the question).

This message was sent by Atlassian JIRA

View raw message