trinodb / trino

Official repository of Trino, the distributed SQL query engine for big data, formerly known as PrestoSQL (https://trino.io)
https://trino.io
Apache License 2.0
10.55k stars 3.03k forks source link

Support aws_session_token for AWS temporary credentials access and secret keys #22518

Closed alberttwong closed 5 months ago

alberttwong commented 5 months ago

Per Session token is required for temporary credentials (i.e., the one time access key and the secret key received from AWS STS). AWS need it to validate your credentials.

If Trino don't support aws_session_token, this limits the use in AWS organization that use short or long term AWS temporary credentials

alberttwong commented 5 months ago
trino> show schemas in hudi;

Query 20240626_235713_00004_bymzv, FAILED, 1 node
Splits: 19 total, 0 done (0.00%)
0.39 [0 rows, 0B] [0 rows/s, 0B/s]

Query 20240626_235713_00004_bymzv failed: Error listing schemas for catalog hudi: The security token included in the request is invalid. (Service: AWSGlue; Status Code: 400; Error Code: UnrecognizedClientException; Request ID: 37992ac8-77f4-4a12-bf52-107628a8d818; Proxy: null)

hudi config file

connector.name=hudi
#hive.metastore.uri=thrift://hive-metastore:9083
hive.s3.aws-access-key=XXXX
hive.s3.aws-secret-key=YYYYY
hive.s3.path-style-access=true
hive.s3.region=us-west-2
#hive.s3.endpoint=http://minio:9000
hive.metastore=glue
hive.metastore.glue.region=us-west-2
hive.metastore.glue.aws-access-key=XXXX
hive.metastore.glue.aws-secret-key=YYYYY
ebyhr commented 5 months ago

Please take a look at https://github.com/trinodb/trino/issues/20804 and also https://github.com/trinodb/trino/pull/6102