[HADOOP-15650] Add custom InstanceProfileCredentialsProvider with more resilience to throttling - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Sub-task
Status: Open
Priority: Minor
Resolution: Unresolved
Affects Version/s: 3.1.0
Fix Version/s: None
Component/s: fs/s3
Labels:
None

Description

Add our own InstanceProfileCredentialsProvider class which uses the AWS implementation to retrieve credentials from EC2's instance info, but more resilient to overloading.

pass in client config with retry logic (HADOOP-15603)
use Invoke.retry() to retry
log/measure failures
maybe use the Async feature of the AWS SDK class, so that credential renewer doesn't block IO.
be shared amongst all AWS auth chains which need these credentials.

The singleton we current use for IAM auth doesn't do async, which is good as it ensures that we don't prematurely close it when AWSCredentialProviderList.close() closes its children.

Attachments

Issue Links

is related to

HADOOP-15603 S3A to support configuring various AWS S3 client extended options

Open

HADOOP-14237 S3A Support Shared Instance Profile Credentials Across All Hadoop Nodes

Resolved

relates to

HADOOP-14556 S3A to support Delegation Tokens

Resolved

Activity

People

Assignee:: Unassigned

Reporter:: Steve Loughran

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 03/Aug/18 00:16

Updated:: 04/Oct/22 17:02