Skip to main content
Skip to main content

Cloud Service Authentication

Overview

When accessing a service on the cloud, we need to provide the credentials needed to access the service so that the service can be authenticated by IAM of cloud vendors.

AWS

Now Doris support two types of authentication to access AWS service.

Catalog Credentials

When access Glue though Iceberg Catalog, we can access tables on Glue by filling in the following properties:

-- Using access key and secret key
CREATE CATALOG glue2 PROPERTIES (
    "type"="iceberg",
    "iceberg.catalog.type" = "glue",
    "glue.endpoint" = "https://glue.us-east-1.amazonaws.com/",
    "client.credentials-provider" = "com.amazonaws.glue.catalog.credentials.ConfigAWSProvider",
    "client.credentials-provider.glue.access_key" = "ak",
    "client.credentials-provider.glue.secret_key" = "sk"
);

System Credentials

For applications running on AWS resources, such as EC2 instances, this approach enhances security by avoiding hardcoded credentials.

If we create the Catalog but not fill any Credentials in properties, the DefaultAWSCredentialsProviderChain will be used to read in the system environment variables or instance profile.

For details about how to configure environment variables and system properties, see: AWS CLI .

  • The configurable environment variables are: AWS_ACCESS_KEY_IDAWS_SECRET_ACCESS_KEYAWS_SESSION_TOKENAWS_ROLE_ARNAWS_WEB_IDENTITY_TOKEN_FILE and so on.
  • In addition, you can also use aws configure to configure Credentials, the Credentials file will be written to the ~/.aws directory.
Report issue
On This Page
ASF
Resources
Community
Join the community
Copyright © 2024 The Apache Software Foundation,Licensed under the Apache License, Version 2.0. Apache, Doris, Apache Doris, the Apache feather logo and the Apache Doris logo are trademarks of The Apache Software Foundation.