Distributed Storage Authentication in EKS

kyleahn · March 14, 2023, 6:31pm

In the Dremio_v2 helm chart’s “Values-Reference.md”, I see the following:

Type: String

The valid values for distStorage.aws.authentication are:

metadata (default) - Dremio will attempt to use the instance profile of the EKS node to authenticate to the S3 bucket.
accessKeySecret - The values distStorage.aws.credentials.accessKey and distStorage.aws.credentials.secret are used to authenticate.
awsProfile - The distStorage.aws.credentials.awsProfileName value is used to authenticate.

Note: Dremio does not support service account IAM roles on EKS.

I would like to avoid using access key and secret, and use service account. Is this not supported at all? Is there no workaround if not supported?

balaji.ramaswamy · April 9, 2023, 8:29pm

@kyleahn Available options are

Topic		Replies	Views
Dremio EKS: use service account with AIM identity usage for s3 data source Dremio University	5	1520	March 14, 2023
AWS S3 access using EC2 role instead of Access Keys	15	2883	July 2, 2021
Kubernetes deployment and connecting to an S3 data lake	7	1894	August 4, 2021
Issue: No FileSystem for scheme: dremioS3	3	2209	September 30, 2019
Access S3 Using ProfileAuth ( ~/.aws/Credentials) - Dremio throwing IllegalStateException	4	1254	November 6, 2019