Support Questions
Find answers, ask questions, and share your expertise

What is the best way to secure S3A objects on HDP 2.5?

Solved Go to solution

What is the best way to secure S3A objects on HDP 2.5?

Cloudera Employee
 
1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted

Re: What is the best way to secure S3A objects on HDP 2.5?

@eorgad

To protect the S3A access/secret keys, it is recommended that you use either:

  1. IAM role-based authentication (such as EC2 instance profile), or
  2. the Hadoop Credential Provider Framework - securely storing them and accessing them through configuration.

The Hadoop Credential Provider Framework allows secure "Credential Providers" to keep secrets outside Hadoop configuration files, storing them in encrypted files in local or Hadoop filesystems, and including them in requests. The Hadoop-AWS Module documentation describes how to configure this properly.

View solution in original post

1 REPLY 1
Highlighted

Re: What is the best way to secure S3A objects on HDP 2.5?

@eorgad

To protect the S3A access/secret keys, it is recommended that you use either:

  1. IAM role-based authentication (such as EC2 instance profile), or
  2. the Hadoop Credential Provider Framework - securely storing them and accessing them through configuration.

The Hadoop Credential Provider Framework allows secure "Credential Providers" to keep secrets outside Hadoop configuration files, storing them in encrypted files in local or Hadoop filesystems, and including them in requests. The Hadoop-AWS Module documentation describes how to configure this properly.

View solution in original post