You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@zeppelin.apache.org by cdfhuang <gi...@git.apache.org> on 2015/08/07 02:57:45 UTC

[GitHub] incubator-zeppelin pull request: Allow instance profile authentica...

GitHub user cdfhuang opened a pull request:

    https://github.com/apache/incubator-zeppelin/pull/184

    Allow instance profile authentication with S3

    This PR generalizes authentication with S3 access (for storing notebooks) a bit. Before the only way to authenticate was to set the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment variables. This change uses DefaultAWSCredentialsProviderChain for authentication, which allows instance profiles on EC2 instances for authentication with S3.

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/cdfhuang/incubator-zeppelin s3_instance_profiles

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/incubator-zeppelin/pull/184.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #184
    
----
commit d0a0b03e87961c15164af3a1c97c8c059a2aeda3
Author: Corey Huang <co...@gmail.com>
Date:   2015-08-06T23:46:14Z

    Allow instance profile authentication with S3

commit 2fb5de04933bb5effd758c0525fa4dcb8ca031f6
Author: Corey Huang <co...@gmail.com>
Date:   2015-08-07T00:54:44Z

    Fix comment error

----


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] incubator-zeppelin pull request: Allow instance profile authentica...

Posted by felixcheung <gi...@git.apache.org>.

Github user felixcheung commented on the pull request:

    https://github.com/apache/incubator-zeppelin/pull/184#issuecomment-129217516
  
    shouldn't we keep the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment approach as well?


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] incubator-zeppelin pull request: Allow instance profile authentica...

Posted by cdfhuang <gi...@git.apache.org>.

Github user cdfhuang commented on the pull request:

    https://github.com/apache/incubator-zeppelin/pull/184#issuecomment-129218142
  
    Yup, we should, and the default provider chain takes care of that. The [documentation](http://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/auth/DefaultAWSCredentialsProviderChain.html) for the default provider chain mentions that it'll look at four different places in a pre-defined order for credentials. The first place is the environment variables. It will then fall back to Java properties, credentials files (~/.aws/credentials), and lastly instance profiles. So nothing is lost from the original way of authentication for S3 notebooks.
    
    One note is that the documentation mentions AWS_SECRET_KEY, but this [thread](https://github.com/aws/aws-cli/issues/97) mentions a standardization for AWS_SECRET_ACCESS_KEY. I've tested this PR to work with my set of AWS_SECRET_KEY and AWS_SECRET_ACCESS_KEY as well.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] incubator-zeppelin pull request: Allow instance profile authentica...

Posted by asfgit <gi...@git.apache.org>.

Github user asfgit closed the pull request at:

    https://github.com/apache/incubator-zeppelin/pull/184


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] incubator-zeppelin pull request: Allow instance profile authentica...

Posted by Leemoonsoo <gi...@git.apache.org>.

Github user Leemoonsoo commented on the pull request:

    https://github.com/apache/incubator-zeppelin/pull/184#issuecomment-129258695
  
    Tested and LGTM!


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] incubator-zeppelin pull request: Allow instance profile authentica...

Posted by felixcheung <gi...@git.apache.org>.

Github user felixcheung commented on the pull request:

    https://github.com/apache/incubator-zeppelin/pull/184#issuecomment-129221104
  
    I see. cool, thanks for explaining.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---