Open breecoffey-fetch opened 2 years ago
Currently, the only implemented options for cross-account AWS access are using an IAM User with access key and secret id. We want to avoid that for security reasons. We should be able to specify a role ARN in the connector config that the DynamoDB connector will use.
Proposed changes: Create an optional field in the config that is a role ARN to pass to getCredentials. If that condition is met, return an STS assume role credentials provider instead of the default credentials provider.
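A sketch of the proposed change, added here as an example; it is not code from this issue, the linked PR, or the connector. It assumes the AWS SDK for Java v1, and the config keys, session name and method signature are hypothetical.

```java
import com.amazonaws.auth.AWSCredentialsProvider;
import com.amazonaws.auth.DefaultAWSCredentialsProviderChain;
import com.amazonaws.auth.STSAssumeRoleSessionCredentialsProvider;
import com.amazonaws.services.securitytoken.AWSSecurityTokenService;
import com.amazonaws.services.securitytoken.AWSSecurityTokenServiceClientBuilder;

import java.util.Map;
import java.util.regex.Pattern;

public final class ConnectorCredentials {
    // Hypothetical config keys, not taken from the connector.
    static final String ROLE_ARN_KEY = "aws.assume.role.arn";
    static final String EXTERNAL_ID_KEY = "aws.assume.role.external.id";

    // Accept only IAM role ARNs (any partition, 12-digit account id).
    private static final Pattern ROLE_ARN =
        Pattern.compile("arn:aws[a-z-]*:iam::\\d{12}:role/[\\w+=,.@/-]+");

    static AWSCredentialsProvider getCredentials(Map<String, String> config, String region) {
        // The worker's own identity (instance profile, task role, env vars).
        AWSCredentialsProvider base = DefaultAWSCredentialsProviderChain.getInstance();

        String roleArn = config.get(ROLE_ARN_KEY);
        if (roleArn == null || roleArn.trim().isEmpty()) {
            return base; // optional field not set: behaviour is unchanged
        }
        roleArn = roleArn.trim();
        if (!ROLE_ARN.matcher(roleArn).matches()) {
            // Fail at startup rather than silently using the base identity.
            throw new IllegalArgumentException(ROLE_ARN_KEY + " is not an IAM role ARN");
        }

        // The base identity is used only to call sts:AssumeRole.
        AWSSecurityTokenService sts = AWSSecurityTokenServiceClientBuilder.standard()
            .withCredentials(base)
            .withRegion(region)
            .build();

        STSAssumeRoleSessionCredentialsProvider.Builder builder =
            new STSAssumeRoleSessionCredentialsProvider.Builder(roleArn, "kafka-connect-dynamodb")
                .withStsClient(sts)
                .withRoleSessionDurationSeconds(900); // shortest session STS allows

        // Optional external id, for trust policies that require sts:ExternalId.
        String externalId = config.get(EXTERNAL_ID_KEY);
        if (externalId != null && !externalId.isEmpty()) {
            builder.withExternalId(externalId);
        }
        return builder.build(); // refreshes the temporary credentials as they expire
    }
}
```

The target account's role trust policy must name the worker's identity as principal, and that identity needs `sts:AssumeRole` on the role ARN; no long-lived access key is stored in the connector config.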
I am in a similar situation and would love to see this change added. We are currently using this source connector and the Confluent sink connector. The sink connector allows roles to be used, or the AWS credentials can be assumed using environment variables - https://docs.confluent.io/kafka-connect-aws-dynamodb/current/overview.html#using-trusted-account-credentials. This would be much more useful for us for security reasons and we would really appreciate some movement on this PR. Cheers 👍
Any progress on the pull request? I am in a similar situation and would love to see this change added.
I've tested this PR in AWS and proved it works. Please merge it to benefit others facing similar requirements.
What is the current state of this PR? Is there any plan to merge this?