spark and STS tokens (Federation Tokens)

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

spark and STS tokens (Federation Tokens)

ashic
Hi,
I'm looking to have spark jobs access S3 with temporary credentials. I've seen some examples around AssumeRole, but I have a scenario where the temp credentials are provided by GetFederationToken. Is there anything that can help, or do I need to use boto to execute GetFederationToken, and then pass the temp credentials as config params?

Also, for both GetFederationToken and AssumeRole, is there a valid way of refreshing the tokens once the job executes? Temp credentials from AssumeRole are quite limited in lifetime, and even with GetFederationToken, the maximum a set of temp credentials are valid is limited to 36 hours. If there a callback or similar thing we can give to spark that will be called when credentials are about to (have) expire (expired)?

Thanks,
Ashic.