This website uses cookies. By clicking OK, you consent to the use of cookies. Read our cookie policy.
Accept
Reject
Community

Configure AWS credentials

papam
Level 1
โ€Ž12-01-2020 02:38 PM
Configure AWS credentials

Hello,

Is it possible to configure aws credentials in the backend of dataiku  and disable the use of this credentials by user . I want to only make it usable by dss only.

 

Example: I have configured credentials in my dataiku backend . This credentials permit to assume other aws roles ( STS with Assume Role) . I want to create S3 connection (STS with Assume Role)  but i need to block usage in python recipe or something else for users so they couldn't assume someone esle identity .

I want to make this credentials only usable by a dataiku connection ( with STS assume role)  , or EMR plugin or EKS.

 

Thanks,

0 Kudos
Reply
2 Replies
Clรฉment_Stenac
Dataiker
โ€Ž12-01-2020 02:48 PM

Hi,

To achieve that, use an AWS keypair rather than an instance profile IAM role, and put the keypair in a ~/.aws/credentials file in the home of the user running DSS on the instance.

If your DSS is configured with User Isolation, only the DSS system user will be able to read the credentials, impersonated user workloads won't.

Reply
papam
Level 1
Author
โ€Ž12-07-2020 04:43 PM

Hi,

Thank you for your answer ! 

I will try it.

 

 

0 Kudos
Reply
A banner prompting to get Dataiku
Didn't Find What You Needed?

Post a Question

Help me โ€ฆ
โ€ฆ ask a question โ€ฆ search for an answer โ€ฆ learn to use the Community