Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Adding IAM role config to online store

See original GitHub issue

Is your feature request related to a problem? Please describe.

s3_staging_location field

I would like to understand why was associated a deployment environment name in this variable name: s3_staging_location. It’s makes some confusion when we try to understand how the things works behind the scenes. Besides, this field name can lead to fake semantics. For exemple, in our context we have the s3_staging_location with a production location value.

iam_role field

Why the iam_role field is exclusive to the offline store scope? In this way is not possible to reuse the role to the online store scope.

Describe the solution you’d like

offline_store:
    type: redshift
    region: us-west-2
    cluster_id: ******
    database: ******
    user: ******
    s3_staging_location: ******
    iam_role: arn:aws:iam::account_id:role/role_1
online_store:
    type: dynamodb
    region: us-east-1
    iam_role: arn:aws:iam::account_id:role/role_1

Describe alternatives you’ve considered We created a role that was not possible to reuse in the online store context. So, we increased the permissions to the role (role_2) used by the aws-vault:

aws-vault exec profile (that uses role_2) -- pipenv run feast apply

Additional context The additional permission was restricted to one user group, we can’t use the same solution for other user groups due security issues.

Issue Analytics

State:
Created 2 years ago
Comments:9 (3 by maintainers)

Top GitHub Comments

1reaction

fcascommented, Sep 14, 2021

@felixwang9817 I was wondering and even considering the comments about s3_staging_location field in the code:

  s3_staging_location: StrictStr
  """ S3 path for importing & exporting data to Redshift """

Normally, the community uses the prefix or suffix temp to specify temp stuffs (see: https://github.com/search?q=temp_&type=code vs https://github.com/search?q=staging_&type=code — of course it’s not a systematic review). What do you think about s3_temp_location vs s3_staging_location?

0reactions

stale[bot]commented, May 25, 2022

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

Top Results From Across the Web

Using an IAM role in the AWS CLI

You can enable IAM users to use roles that belong to different accounts by configuring the role as a cross-account role. During role...

Creating an IAM Role for Granting Access to a Project Store

Log into the AWS Console and open IAM. · Under Access management on the left side of the page, select Roles. · On...

IAM roles for Cloud Storage

The following table describes Identity and Access Management (IAM) roles that are associated with Cloud Storage and lists the permissions that are contained ......

Add AWS IAM Role via CloudFormation

From the Container Protection navigation menu, go to Configure > Credential Store. · Click on the top right corner +ADD NEW drop down...

Setting Up IAM Roles for Systems Manager - YouTube

Amazon EC2 Systems Manager requires an IAM role for EC2 instances that will process commands and a separate role for users executing those ......