Distributed Storage Authentication in EKS

kyleahn · March 14, 2023, 6:31pm

In the Dremio_v2 helm chart’s “Values-Reference.md”, I see the following:

Type: String

The valid values for distStorage.aws.authentication are:

metadata (default) - Dremio will attempt to use the instance profile of the EKS node to authenticate to the S3 bucket.
accessKeySecret - The values distStorage.aws.credentials.accessKey and distStorage.aws.credentials.secret are used to authenticate.
awsProfile - The distStorage.aws.credentials.awsProfileName value is used to authenticate.

Note: Dremio does not support service account IAM roles on EKS.

I would like to avoid using access key and secret, and use service account. Is this not supported at all? Is there no workaround if not supported?

balaji.ramaswamy · April 9, 2023, 8:29pm

@kyleahn Available options are

Topic		Replies	Views
Dremio EKS: use service account with AIM identity usage for s3 data source Dremio University	5	1453	March 14, 2023
Issue: No FileSystem for scheme: dremioS3	3	2120	September 30, 2019
DistStorage - Azure Gen2 Access Key	4	963	October 17, 2022
S3-like storage for Distributed Storage	12	2035	December 21, 2023
AWS S3 access using EC2 role instead of Access Keys	15	2766	July 2, 2021