首页 项目目录 关于我们
Sign In
rust
/
Materialize
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 6dd8e59864
Branches Tags
Materialize
/
doc
/
user
/
layouts
/
shortcodes
/
specifying-aws-credentials.html

specifying-aws-credentials.html 2.8 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051 
  1. ### AWS credentials
    2. 

  2. 

  3. AWS credentials can be provided on a per-source basis via the standard AWS credentials provider chain:
    4. 

  4. 

  5. 1. Statically provided as part of the `WITH` block in source declaration. These credentials will be
    6. 

  6.    written to disk in plain text as well as being easily exposed via introspection commands and so
    7. 

  7.    this technique is only recommended for experimentation and development.
    8. 

  8. 2. Environment variables: `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`,
    9. 

  9.    [`AWS_WEB_IDENTITY_TOKEN_FILE`][web-identity], and [many more][env-vars].
    10. 

  10. 3. `credential_process` command in the AWS config file, by default located at `~/.aws/config`.
    11. 

  11. 4. AWS credentials file and profile files. By default located at `~/.aws/config` and
    12. 

  12.    `~/.aws/credentials`, respectively.
    13. 

  13. 5. The [IAM instance profile][instance-profile] provided by the Instance Metadata Service. This
    14. 

  14.    will only work if running on an EC2 instance with an instance profile.
    15. 

  15. 

  16. *Changed in v0.10.0:* Materialize supports the standard AWS credentials provider
    17. 

  17. chain as described above. Previously Materialize had support for only an
    18. 

  18. unspecified subset of the standard credentials provider chain.
    19. 

  19. 

  20. #### AWS credentials `WITH` options
    21. 

  21. 

  22. Static credentials can be configured by the following `WITH` options:
    23. 

  23. 

  24. Field | Value type | Description
    25. 

  25. ----- | ---------- | -----------
    26. 

  26. `access_key_id` | `text` | A valid [access key ID][access] for the AWS resource.
    27. 

  27. `secret_access_key` | `text` | A valid [secret access key][access] for the AWS resource.
    28. 

  28. `token` (optional) | `text` | The session token associated with the credentials, if the credentials are temporary
    29. 

  29. 

  30. Alternatively, you can specify a [named config profile](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-profiles.html) to assume. This named profile must exist within the AWS `credentials` or `config` file.
    31. 

  31. 

  32. Field | Value type | Description
    33. 

  33. -----|------------|------------
    34. 

  34. `profile` | `text` | An AWS config profile to assume. *New in v0.20.0.*
    35. 

  35. 

  36. The following `WITH` options can be set with either static credentials, a profile, or alone depending on the environment for credentials.
    37. 

  37. 

  38. Field | Value type | Description
    39. 

  39. ------|-----------|------------
    40. 

  40. `role_arn` | `text` | An IAM role to assume. *New in v0.20.0.*
    41. 

  41. `region` | `text` | The region to use for all AWS requests.
    42. 

  42. 

  43. Credentials fetched from a container or instance profile expire on a fixed
    44. 

  44. schedule. Materialize will attempt to refresh the credentials automatically
    45. 

  45. before they expire, but the source will become inoperable if the refresh
    46. 

  46. operation fails.
    47. 

  47. 

  48. [web-identity]: https://docs.rs/aws-config/latest/aws_config/web_identity_token/index.html
    49. 

  49. [env-vars]: https://docs.aws.amazon.com/sdkref/latest/guide/environment-variables.html
    50. 

  50. [access]: https://docs.aws.amazon.com/streams/latest/dev/controlling-access.html
    51. 

  51. [instance-profile]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html
    52.