ignite-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From zshamrock <aliaksandr.kaz...@gmail.com>
Subject Re: Old AWS SDK version, why?
Date Fri, 06 Jan 2017 13:00:32 GMT
Ok, Denis. I found the issue. Could you, please, create the corresponding
JIRA issue for Apache Ignite project (it looks I don't have enough rights to
do it myself).

The issue is the following (at least for Apache Ignite 1.7.0, but I guess
1.8.0 will not be any different):

- when you deploy Ignite on AWS (in clustered) you need to use
- /TcpDiscoveryS3IpFinder/ only has /setAwsCredentials/ which accepts
- If you check the source code this is how then credentials is used 
/s3 = cfg != null ? new AmazonS3Client(cred, cfg) : new
 inside /TcpDiscoveryS3IpFinder/
- /AmazonS3Client/ has also another way to construct the client by passing
public AmazonS3Client(AWSCredentialsProvider credentialsProvider) {
        this(credentialsProvider, new ClientConfiguration());
- If you pass /AWSCredentials/ in the S3 client instead it wraps in into
/StaticCredentialsProvider/ instead, i.e.
/public AmazonS3Client(AWSCredentials awsCredentials, ClientConfiguration
clientConfiguration) {
        this.awsCredentialsProvider = new
- S3 Amazon client (as all other AWS clients), never use credentials
directly, but instead call /awsCredentialsProvider.getCredentials()/ every
time credentials are required

One of the available /AWSCredentialsProvider/ is
/InstanceProfileCredentialsProvider/ which /getCredentials()/ implementation
refresh the AWS credentials if required (following EC2 instance profile
/public AWSCredentials getCredentials() {
        if (needsToLoadCredentials())
        if (expired()) {
            throw new AmazonClientException(
                    "The credentials received from the Amazon EC2 metadata
service have expired");
        return credentials;

So, the suggestion is to add support for /TcpDiscoveryS3IpFinder/ to accept
/AWSCredentialsProvider/ in addition to just only /AWSCredentials/, and then
passing it into underlying /AmazonS3Client/ (actually you can even wrap
/AWSCredentials/ into  /StaticCredentialsProvider/ and always pass
/AWSCredentialsProvider/ into S3 client).

View this message in context: http://apache-ignite-users.70518.x6.nabble.com/Old-AWS-SDK-version-why-tp9824p9932.html
Sent from the Apache Ignite Users mailing list archive at Nabble.com.

View raw message