SDAP-517 - Credential management for AWS collections #312
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Some changes of this PR were copied to #313 |
added 10 commits
June 6, 2024 16:05
# Conflicts: # data-access/nexustiles/nexustiles.py # poetry.lock
# Conflicts: # data-access/nexustiles/nexustiles.py
# Conflicts: # data-access/nexustiles/AbstractTileService.py # poetry.lock # pyproject.toml
# Conflicts: # poetry.lock
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR augments the configurations of Zarr (and eventually future) collections.
Initially, collections in non-public S3 buckets needed to be provided an Access Key ID and Secret Access Key pair:
Obviously, this is not ideal as long-term AWS keys are not only directly stored, but also need to be maintained by end users. This PR allows more options in defining AWS credentials.
Profiles
You can use credentials defined in AWS named profiles:
NASA DAAC Temporary S3 credentials
NASA DAACs make their data available for direct S3 access for running in the
us-west-2region. You can utilize this by specifying the credential endpoint or by picking from a list of predefined DAACs.NOTE: This only works if running in the
us-west-2AWS region. A check will be made to see in SDAP is running in that region and these collections will be excluded if notAn Earthdata login is required for this. Provide either
EDL_USERNAMEandEDL_PASSWORDenvironment variables or specify the login on a per-collection basis:Predefined DAACs: