You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@flink.apache.org by "Sreenath Kodedala (JIRA)" <ji...@apache.org> on 2018/01/12 15:12:00 UTC
[jira] [Commented] (FLINK-8417) Support
STSAssumeRoleSessionCredentialsProvider in FlinkKinesisConsumer
[ https://issues.apache.org/jira/browse/FLINK-8417?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16324096#comment-16324096 ]
Sreenath Kodedala commented on FLINK-8417:
------------------------------------------
STSAssumeRole requires Role ARN to assume and RoleSessionName (Can set to some default value if not provided) and one thing to consider is these Temporary credentials are set to expire in an hour (Max). How can this be handled without blocking the data flow?
> Support STSAssumeRoleSessionCredentialsProvider in FlinkKinesisConsumer
> -----------------------------------------------------------------------
>
> Key: FLINK-8417
> URL: https://issues.apache.org/jira/browse/FLINK-8417
> Project: Flink
> Issue Type: New Feature
> Components: Kinesis Connector
> Reporter: Tzu-Li (Gordon) Tai
> Fix For: 1.5.0
>
>
> As discussed in ML: http://apache-flink-user-mailing-list-archive.2336050.n4.nabble.com/Kinesis-Connectors-With-Temporary-Credentials-td17734.html.
> Users need the functionality to access cross-account AWS Kinesis streams, using AWS Temporary Credentials [1].
> We should add support for {{AWSConfigConstants.CredentialsProvider.STSAssumeRole}}, which internally would use the {{STSAssumeRoleSessionCredentialsProvider}} [2] in {{AWSUtil#getCredentialsProvider(Properties)}}.
> [1] https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html
> [2] https://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/auth/STSAssumeRoleSessionCredentialsProvider.html
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)