Using Temporary Session Credentials
Temporary Security Credentials can be obtained from the AWS Security Token Service. These credentials consist of an access key, a secret key, and a session token.
To authenticate with these credentials:
Declare
org.apache.hadoop.fs.s3a.TemporaryAWSCredentialsProvider
as the provider.Set the session key in the property
fs.s3a.session.token
, and set the access and secret key properties to those of this temporary session.
<property> <name>fs.s3a.aws.credentials.provider</name> <value>org.apache.hadoop.fs.s3a.TemporaryAWSCredentialsProvider</value> </property> <property> <name>fs.s3a.access.key</name> <value>SESSION-ACCESS-KEY</value> </property> <property> <name>fs.s3a.secret.key</name> <value>SESSION-SECRET-KEY</value> </property> <property> <name>fs.s3a.session.token</name> <value>SECRET-SESSION-TOKEN</value> </property>
The lifetime of session credentials is determined when the credentials are issued; once they expire the application will no longer be able to authenticate to AWS.