Configure AWS credentials

Options
papam
papam Registered Posts: 5 ✭✭✭

Hello,

Is it possible to configure aws credentials in the backend of dataiku and disable the use of this credentials by user . I want to only make it usable by dss only.

Example: I have configured credentials in my dataiku backend . This credentials permit to assume other aws roles ( STS with Assume Role) . I want to create S3 connection (STS with Assume Role) but i need to block usage in python recipe or something else for users so they couldn't assume someone esle identity .

I want to make this credentials only usable by a dataiku connection ( with STS assume role) , or EMR plugin or EKS.

Thanks,

Answers

  • Clément_Stenac
    Clément_Stenac Dataiker, Dataiku DSS Core Designer, Registered Posts: 753 Dataiker
    Options

    Hi,

    To achieve that, use an AWS keypair rather than an instance profile IAM role, and put the keypair in a ~/.aws/credentials file in the home of the user running DSS on the instance.

    If your DSS is configured with User Isolation, only the DSS system user will be able to read the credentials, impersonated user workloads won't.

  • papam
    papam Registered Posts: 5 ✭✭✭
    Options

    Hi,

    Thank you for your answer !

    I will try it.

Setup Info
    Tags
      Help me…