You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@airflow.apache.org by "Apache Spark (JIRA)" <ji...@apache.org> on 2018/09/02 17:57:01 UTC

[jira] [Commented] (AIRFLOW-2807) Add support for External ID when using STS Assume Role

    [ https://issues.apache.org/jira/browse/AIRFLOW-2807?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16601283#comment-16601283 ] 

Apache Spark commented on AIRFLOW-2807:
---------------------------------------

User 'vvondra' has created a pull request for this issue:
https://github.com/apache/incubator-airflow/pull/3647

> Add support for External ID when using STS Assume Role
> ------------------------------------------------------
>
>                 Key: AIRFLOW-2807
>                 URL: https://issues.apache.org/jira/browse/AIRFLOW-2807
>             Project: Apache Airflow
>          Issue Type: Improvement
>          Components: aws, boto3, hooks
>    Affects Versions: 1.10.1
>            Reporter: Vojtech Vondra
>            Priority: Minor
>             Fix For: 2.0.0
>
>
> Currently the role assumption method works only if the granting account does not specify an External ID. The external ID is used to solved the confused deputy problem. When using the AWS hook to export data to multiple customers, it's good security practice to use the external ID.
>  Documentation: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)