Comments (2)
I think this already works (CRT already supports STS with web identity auth, the `AWS_WEB_IDENTITY_TOKEN_FILE` env var). We should test it.
Monthon already had an EKS template. I put a quick build of the file connector into a container along with a script performing an `ls -l`, put it on to EKS, along with a service account which grants access to the bucket.
It was able to list the bucket just fine.
```
total 0
-rw-r--r-- 1 root root 5 Feb 21 18:06 file1.txt
-rw-r--r-- 1 root root 5 Feb 21 18:06 file3.txt
drwxr-xr-x 2 root root 0 Jan 1 1970 subdir1
```
And if I block all S3 access from the IAM Role associated with the service account, we see that access is lost in the container:
```
Error: Failed to create mount process
2023-02-21T18:15:59.132424Z INFO s3_file_connector::aggregate_metrics: s3.meta_request_failures[op=head_bucket,status=403]: 1
2023-02-21T18:15:59.132505Z INFO s3_file_connector::aggregate_metrics: s3.meta_requests[op=head_bucket]: 2
Error: Failed to create S3 client
Caused by:
0: HeadBucket failed for bucket terraform-20230220093629354700000001 in region eu-west-1
1: Service error
2: Permission denied
Error: Failed to create mount process
```
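A preflight check for the web identity wiring tested in the comments above, as an added example that is not from the thread or from mountpoint-s3. It assumes the standard EKS service-account setup (the `AWS_ROLE_ARN` variable alongside `AWS_WEB_IDENTITY_TOKEN_FILE`, and the `sts.amazonaws.com` token audience); the function names are hypothetical.

```python
import base64
import json
import os
import time

# Assumption: default audience of EKS service-account tokens used for STS.
EXPECTED_AUDIENCE = "sts.amazonaws.com"


def decode_claims(token):
    """Decode the JWT payload WITHOUT verifying the signature (STS does that)."""
    parts = token.strip().split(".")
    if len(parts) != 3:
        raise ValueError("token is not a three-part JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def check_web_identity(env, now=None):
    """Return a list of problems; an empty list means the wiring looks sane."""
    now = time.time() if now is None else now
    problems = []
    if not env.get("AWS_ROLE_ARN", "").startswith("arn:"):
        problems.append("AWS_ROLE_ARN is unset or not an ARN")
    token_file = env.get("AWS_WEB_IDENTITY_TOKEN_FILE", "")
    if not token_file:
        return problems + ["AWS_WEB_IDENTITY_TOKEN_FILE is unset"]
    try:
        with open(token_file, encoding="ascii") as fh:
            claims = decode_claims(fh.read())
    except (OSError, ValueError) as exc:  # unreadable file or malformed token
        return problems + ["cannot read token: %s" % exc]
    aud = claims.get("aud", [])
    aud = [aud] if isinstance(aud, str) else aud
    if EXPECTED_AUDIENCE not in aud:
        problems.append("audience %s lacks %s" % (aud, EXPECTED_AUDIENCE))
    if claims.get("exp", 0) <= now:
        problems.append("token has expired; the kubelet should have rotated it")
    if not str(claims.get("sub", "")).startswith("system:serviceaccount:"):
        problems.append("subject is not a Kubernetes service account")
    return problems


if __name__ == "__main__":
    # Run inside the pod; never print the token itself, only the findings.
    for line in check_web_identity(dict(os.environ)) or ["web identity wiring looks sane"]:
        print(line)
```

A clean result only shows the pod is wired to present a token; whether the role may touch the bucket is still decided by IAM, as the 403 on `head_bucket` above shows.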