Accessing AWS
Atlas is integrated with IDBroker for access to the AWS session credential using
Kerberos credentials for the atlas
service user.
The Atlas S3 extractor authenticates with the service user and receives a delegation token fom IDBroker. The extractor uses the token to request AWS credentials. By default, this credential has a lifetime of seven days, which can be adjusted in Cloudera Manager by modifying the Knox configuration property IDBroker Knox Token TTL.
If IDBroker is not configured, you can provide AWS credentials (AWS access key and secret key or temporary security credential) on the extractor command line or in a configuration file.