Add support for role assumption in s3 repository #20635
Labels
:Distributed Coordination/Snapshot/Restore
Anything directly related to the `_snapshot/*` APIs
>enhancement
Comments
|
It makes sense to me. Do you want to come with a PR on master branch ? |
|
Yes, I will work on a PR for this. |
clintongormley
added
:Distributed Coordination/Snapshot/Restore
|
Closing in favor of #16428 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
S3 repository currently relies on either the IAM instance profile credentials or explicitly passed in access/secret credentials at time of repository creation.
I was thinking of working on a feature that allows the S3 repository module to take in an optional parameter
role_namewhich is an IAM role name. If role_name is passed in, the plugin will use STS assume role to assume the passed role-name and use those credentials to write to S3.The benefit is ability within an access controlled cluster to grant access to specific user roles to backup data into their own S3 buckets which could be on an AWS account completely different from the account that is running this cluster on EC2
The text was updated successfully, but these errors were encountered: