Overview
When accessing a service on the cloud, we need to provide the credentials needed to access the service so that the service can be authenticated by IAM of cloud vendors.
AWSβ
Now Doris support two types of authentication to access AWS service.
Catalog Credentialsβ
When access Glue though Iceberg Catalog, we can access tables on Glue by filling in the following properties:
-- Using access key and secret key
CREATE CATALOG glue2 PROPERTIES (
"type"="iceberg",
"iceberg.catalog.type" = "glue",
"glue.endpoint" = "https://glue.us-east-1.amazonaws.com/",
"client.credentials-provider" = "com.amazonaws.glue.catalog.credentials.ConfigAWSProvider",
"client.credentials-provider.glue.access_key" = "ak",
"client.credentials-provider.glue.secret_key" = "sk"
);
System Credentialsβ
For applications running on AWS resources, such as EC2 instances, this approach enhances security by avoiding hardcoded credentials.
If we create the Catalog but not fill any Credentials in properties, the DefaultAWSCredentialsProviderChain
will be used to read in the system environment variables or instance profile.
For details about how to configure environment variables and system properties, see: AWS CLI .
- The configurable environment variables are:
AWS_ACCESS_KEY_ID
γAWS_SECRET_ACCESS_KEY
γAWS_SESSION_TOKEN
γAWS_ROLE_ARN
γAWS_WEB_IDENTITY_TOKEN_FILE
and so on. - In addition, you can also use aws configure to configure Credentials, the Credentials file will be written to the
~/.aws
directory.