HADOOP-18234. Fix s3a access point xml examples (#4309)
Contributed by Ashutosh Gupta

Change-Id: Ib99a4c7113d60690c1301d80cd5c27a43c463db0
parent a50ce18f4d
commit c2071947f8
@ -1592,7 +1592,7 @@ Accessing data through an access point, is done by using its ARN, as opposed to
|
|||||||
You can set the Access Point ARN property using the following per bucket configuration property:
|
You can set the Access Point ARN property using the following per bucket configuration property:
|
||||||
```xml
|
```xml
|
||||||
<property>
|
<property>
|
||||||
<name>fs.s3a.sample-bucket.accesspoint.arn</name>
|
<name>fs.s3a.bucket.sample-bucket.accesspoint.arn</name>
|
||||||
<value> {ACCESSPOINT_ARN_HERE} </value>
|
<value> {ACCESSPOINT_ARN_HERE} </value>
|
||||||
<description>Configure S3a traffic to use this AccessPoint</description>
|
<description>Configure S3a traffic to use this AccessPoint</description>
|
||||||
</property>
|
</property>
|
||||||
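Review bot: The `<value> {ACCESSPOINT_ARN_HERE} </value>` line in this example still pads the placeholder with a space on each side, so an ARN pasted over the placeholder carries that whitespace into the configuration; write it as `<value>{ACCESSPOINT_ARN_HERE}</value>`. It would also help to state the per-bucket pattern `fs.s3a.bucket.{BUCKET}.accesspoint.arn` in the sentence above the block, so readers who copied the earlier key without `bucket.` know to update it.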
@ -1602,21 +1602,11 @@ This configures access to the `sample-bucket` bucket for S3A, to go through the
|
|||||||
new Access Point ARN. So, for example `s3a://sample-bucket/key` will now use your
|
new Access Point ARN. So, for example `s3a://sample-bucket/key` will now use your
|
||||||
configured ARN when getting data from S3 instead of your bucket.
|
configured ARN when getting data from S3 instead of your bucket.
|
||||||
|
|
||||||
You can also use an Access Point name as a path URI such as `s3a://finance-team-access/key`, by
|
|
||||||
configuring the `.accesspoint.arn` property as a per-bucket override:
|
|
||||||
```xml
|
|
||||||
<property>
|
|
||||||
<name>fs.s3a.finance-team-access.accesspoint.arn</name>
|
|
||||||
<value> {ACCESSPOINT_ARN_HERE} </value>
|
|
||||||
<description>Configure S3a traffic to use this AccessPoint</description>
|
|
||||||
</property>
|
|
||||||
```
|
|
||||||
|
|
||||||
The `fs.s3a.accesspoint.required` property can also require all access to S3 to go through Access
|
The `fs.s3a.accesspoint.required` property can also require all access to S3 to go through Access
|
||||||
Points. This has the advantage of increasing security inside a VPN / VPC as you only allow access
|
Points. This has the advantage of increasing security inside a VPN / VPC as you only allow access
|
||||||
to known sources of data defined through Access Points. In case there is a need to access a bucket
|
to known sources of data defined through Access Points. In case there is a need to access a bucket
|
||||||
directly (without Access Points) then you can use per bucket overrides to disable this setting on a
|
directly (without Access Points) then you can use per bucket overrides to disable this setting on a
|
||||||
bucket by bucket basis i.e. `fs.s3a.{YOUR-BUCKET}.accesspoint.required`.
|
bucket by bucket basis i.e. `fs.s3a.bucket.{YOUR-BUCKET}.accesspoint.required`.
|
||||||
|
|
||||||
```xml
|
```xml
|
||||||
<!-- Require access point only access -->
|
<!-- Require access point only access -->
|
||||||
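Review bot: The `finance-team-access` paragraph and its XML block are deleted here rather than corrected, unlike the other two examples, which only gain the `bucket.` segment, and the commit message does not say why. If using an Access Point name as the path URI is still supported, keep the paragraph with the key written as `fs.s3a.bucket.finance-team-access.accesspoint.arn`; if it is not, say so in the commit message or the docs so the removal is not read as an accident.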
@ -1626,7 +1616,7 @@ bucket by bucket basis i.e. `fs.s3a.{YOUR-BUCKET}.accesspoint.required`.
|
|||||||
</property>
|
</property>
|
||||||
<!-- Disable it on a per-bucket basis if needed -->
|
<!-- Disable it on a per-bucket basis if needed -->
|
||||||
<property>
|
<property>
|
||||||
<name>fs.s3a.example-bucket.accesspoint.required</name>
|
<name>fs.s3a.bucket.example-bucket.accesspoint.required</name>
|
||||||
<value>false</value>
|
<value>false</value>
|
||||||
</property>
|
</property>
|
||||||
```
|
```
|
||||||
|
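Review bot: The override under `<!-- Disable it on a per-bucket basis if needed -->` names `example-bucket`, while the ARN example earlier in the same section uses `sample-bucket` and the prose uses `{YOUR-BUCKET}`; pick one name so readers see both properties applying to the same bucket. Since `false` here lets that bucket be reached directly, without an Access Point, the comment could say so, for example `<!-- Allow direct access to this one bucket only -->`.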