You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@spark.apache.org by Ashic Mahtab <as...@live.com> on 2018/09/26 12:48:02 UTC

spark and STS tokens (Federation Tokens)

Hi,
I'm looking to have spark jobs access S3 with temporary credentials. I've seen some examples around AssumeRole, but I have a scenario where the temp credentials are provided by GetFederationToken. Is there anything that can help, or do I need to use boto to execute GetFederationToken, and then pass the temp credentials as config params?

Also, for both GetFederationToken and AssumeRole, is there a valid way of refreshing the tokens once the job executes? Temp credentials from AssumeRole are quite limited in lifetime, and even with GetFederationToken, the maximum a set of temp credentials are valid is limited to 36 hours. If there a callback or similar thing we can give to spark that will be called when credentials are about to (have) expire (expired)?

Thanks,
Ashic.