Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

FileIO S3: accept session_token #528

Closed
twuebi opened this issue Aug 7, 2024 · 2 comments · Fixed by #530
Closed

FileIO S3: accept session_token #528

twuebi opened this issue Aug 7, 2024 · 2 comments · Fixed by #530
Labels
good first issue Good for newcomers help wanted Extra attention is needed

Comments

@twuebi
Copy link
Contributor

twuebi commented Aug 7, 2024

Currently, FileIO does not work with temporary credentials obtained via aws sts, this is likely due to it not accepting the session token:

https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html

When you make a call using temporary security credentials, the call must include a session token, which is returned along with those temporary credentials. AWS uses the session token to validate the temporary security credentials.

The only accepted keys are:

/// Following are arguments for [s3 file io](https://py.iceberg.apache.org/configuration/#s3).
/// S3 endpoint.
pub const S3_ENDPOINT: &str = "s3.endpoint";
/// S3 access key id.
pub const S3_ACCESS_KEY_ID: &str = "s3.access-key-id";
/// S3 secret access key.
pub const S3_SECRET_ACCESS_KEY: &str = "s3.secret-access-key";
/// S3 region.
pub const S3_REGION: &str = "s3.region";

We should add support for s3.session-token.
@Xuanwo
Copy link
Member

Xuanwo commented Aug 7, 2024
edited
Loading

It's possible right now by using session_token. Would you like to help implementing this?

@Xuanwo Xuanwo added good first issue Good for newcomers help wanted Extra attention is needed labels Aug 7, 2024
@twuebi twuebi mentioned this issue Aug 7, 2024
Merged
@twuebi
Copy link
Contributor Author

twuebi commented Aug 9, 2024

I created a PR #530

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
good first issue Good for newcomers help wanted Extra attention is needed
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat(storage): support aws session token hansetag/iceberg-rust
2 participants
@Xuanwo @twuebi