Elasticsearch: Add support for role assumption in s3 repository

Created on 23 Sep 2016  ·  3Comments  ·  Source: elastic/elasticsearch

S3 repository currently relies on either the IAM instance profile credentials or explicitly passed in access/secret credentials at time of repository creation.

I was thinking of working on a feature that allows the S3 repository module to take in an optional parameter role_name which is an IAM role name. If role_name is passed in, the plugin will use STS assume role to assume the passed role-name and use those credentials to write to S3.

The benefit is ability within an access controlled cluster to grant access to specific user roles to backup data into their own S3 buckets which could be on an AWS account completely different from the account that is running this cluster on EC2

:DistributeSnapshoRestore >enhancement
Source
picture malpani

Most helpful comment

Yes, I will work on a PR for this.

picture malpani on 23 Sep 2016
👍3

All 3 comments

It makes sense to me. Do you want to come with a PR on master branch ?

dadoonet picture dadoonet on 23 Sep 2016

Yes, I will work on a PR for this.

malpani picture malpani on 23 Sep 2016
👍3

Closing in favor of #16428

tlrx picture tlrx on 23 Mar 2018
Was this page helpful?
0 / 5 - 0 ratings

Related issues

martijnvg picture martijnvg  ·  3Comments
mayyamus picture mayyamus  ·  3Comments
rpalsaxena picture rpalsaxena  ·  3Comments
matthughes picture matthughes  ·  3Comments
rjernst picture rjernst  ·  3Comments