You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Release note (enterprise change): Allow the ASSUME_ROLE parameter in AWS and
GCP storage and KMS URIs to specify a list of roles with a comma-separated
string. The roles in the list can then be chain assumed in order to access the
resource specified by the URI.
For example, if a destination in S3 can only be accessed by RoleB, and the
identity corresponding to implicit auth can only assume RoleB through an
intermediate role RoleA, then this chain assumption can be specified in the S3
URI:
s3://bucket/key?AUTH=implicit&ASSUME_ROLE=RoleA,RoleB
In addition, remove the "assume" auth mode from AWS URIs, and instead use the
ASSUME_ROLE parameter to indicate that a role should be assumed for
authentication. Below are some examples:
Exalate commented:
Related PR: cockroachdb/cockroach#83712
Commit: cockroachdb/cockroach@ff917d9
Release note (enterprise change): Allow the ASSUME_ROLE parameter in AWS and
GCP storage and KMS URIs to specify a list of roles with a comma-separated
string. The roles in the list can then be chain assumed in order to access the
resource specified by the URI.
For example, if a destination in S3 can only be accessed by RoleB, and the
identity corresponding to implicit auth can only assume RoleB through an
intermediate role RoleA, then this chain assumption can be specified in the S3
URI:
s3://bucket/key?AUTH=implicit&ASSUME_ROLE=RoleA,RoleB
In addition, remove the "assume" auth mode from AWS URIs, and instead use the
ASSUME_ROLE parameter to indicate that a role should be assumed for
authentication. Below are some examples:
S3: s3:///?AUTH=specified&ASSUME_ROLE=<role_arn>&AWS_ACCESS_KEY_ID=<access_key>&AWS_SECRET_ACCESS_KEY=<secret_key>
AWS KMS: aws:///<key_arn>?AUTH=implicit®ION=&ASSUME_ROLE=<role_arn>
Jira Issue: DOC-5102
The text was updated successfully, but these errors were encountered: