Uploaded image for project: 'IMPALA'
  1. IMPALA
  2. IMPALA-6067

S3: Impala should be able to use IAM roles to access s3 storage

    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: Impala 2.7.0, Impala 2.8.0, Impala 2.9.0, Impala 2.10.0
    • Fix Version/s: Impala 2.11.0
    • Component/s: Infrastructure
    • Labels:
      None
    • Environment:
      EC2

      Description

      Amazon VMs can access s3 storage using supplied IAM roles for authentication, bypassing the need to carry around AWS access keys in environment variables, which are vulnerable to accidental disclosure.

      Impala should be able to utilize this mechanism for s3 access in addition to the usual AWS_ACCESS_KEY_ID / AWS_SECRET_ACCESS_KEY credential pair.

      This Amazon page explains how to obtain the temporary role credentials from within an EC2 instance.

      HADOOP-13277 explains how to configure HDFS to automatically authenticate to S3 using the instance's role.

        Attachments

          Activity

            People

            • Assignee:
              laszlog Laszlo Gaal
              Reporter:
              laszlog Laszlo Gaal
            • Votes:
              1 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: