HADOOP-18234. Fix s3a access point xml examples (#4309)

Contributed by Ashutosh Gupta

Change-Id: Ib99a4c7113d60690c1301d80cd5c27a43c463db0
Ashutosh Gupta 2022-05-16 17:47:14 +01:00 committed by Steve Loughran
parent a50ce18f4d
commit c2071947f8
No known key found for this signature in database
GPG Key ID: D22CF846DBB162A0
1 changed files with 3 additions and 13 deletions

@ -1592,7 +1592,7 @@ Accessing data through an access point, is done by using its ARN, as opposed to
You can set the Access Point ARN property using the following per bucket configuration property: You can set the Access Point ARN property using the following per bucket configuration property:
```xml ```xml
<property> <property>
<name>fs.s3a.sample-bucket.accesspoint.arn</name> <name>fs.s3a.bucket.sample-bucket.accesspoint.arn</name>
<value> {ACCESSPOINT_ARN_HERE} </value> <value> {ACCESSPOINT_ARN_HERE} </value>
<description>Configure S3a traffic to use this AccessPoint</description> <description>Configure S3a traffic to use this AccessPoint</description>
</property> </property>
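Review bot: The `<value> {ACCESSPOINT_ARN_HERE} </value>` line in this example still pads the placeholder with a space on each side, so a reader who replaces only the braces ends up with whitespace around the ARN. Since this change is already correcting the example so it can be copied as written, consider tightening it to `<value>{ACCESSPOINT_ARN_HERE}</value>` in the same pass.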
@ -1602,21 +1602,11 @@ This configures access to the `sample-bucket` bucket for S3A, to go through the
new Access Point ARN. So, for example `s3a://sample-bucket/key` will now use your new Access Point ARN. So, for example `s3a://sample-bucket/key` will now use your
configured ARN when getting data from S3 instead of your bucket. configured ARN when getting data from S3 instead of your bucket.
You can also use an Access Point name as a path URI such as `s3a://finance-team-access/key`, by
configuring the `.accesspoint.arn` property as a per-bucket override:
```xml
<property>
<name>fs.s3a.finance-team-access.accesspoint.arn</name>
<value> {ACCESSPOINT_ARN_HERE} </value>
<description>Configure S3a traffic to use this AccessPoint</description>
</property>
```
The `fs.s3a.accesspoint.required` property can also require all access to S3 to go through Access The `fs.s3a.accesspoint.required` property can also require all access to S3 to go through Access
Points. This has the advantage of increasing security inside a VPN / VPC as you only allow access Points. This has the advantage of increasing security inside a VPN / VPC as you only allow access
to known sources of data defined through Access Points. In case there is a need to access a bucket to known sources of data defined through Access Points. In case there is a need to access a bucket
directly (without Access Points) then you can use per bucket overrides to disable this setting on a directly (without Access Points) then you can use per bucket overrides to disable this setting on a
bucket by bucket basis i.e. `fs.s3a.{YOUR-BUCKET}.accesspoint.required`. bucket by bucket basis i.e. `fs.s3a.bucket.{YOUR-BUCKET}.accesspoint.required`.
```xml ```xml
<!-- Require access point only access --> <!-- Require access point only access -->
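Review bot: The paragraph and XML example for using an Access Point name as a path URI (`s3a://finance-team-access/key`) are deleted outright here rather than corrected to `fs.s3a.bucket.finance-team-access.accesspoint.arn`, and the commit message only says the examples are being fixed. If that usage is still supported, the example should get the same `bucket.` correction as the other two keys. If it is being dropped because it duplicates the `sample-bucket` example or does not work, please say so in the commit message so readers of the history know the removal was intentional.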
@ -1626,7 +1616,7 @@ bucket by bucket basis i.e. `fs.s3a.{YOUR-BUCKET}.accesspoint.required`.
</property> </property>
<!-- Disable it on a per-bucket basis if needed --> <!-- Disable it on a per-bucket basis if needed -->
<property> <property>
<name>fs.s3a.example-bucket.accesspoint.required</name> <name>fs.s3a.bucket.example-bucket.accesspoint.required</name>
<value>false</value> <value>false</value>
</property> </property>
``` ```
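Review bot: The comment `<!-- Disable it on a per-bucket basis if needed -->` above the corrected `fs.s3a.bucket.example-bucket.accesspoint.required` key does not say what the override means for the restriction described in the preceding paragraph. Since setting it to `false` lets `example-bucket` be accessed directly, without an Access Point, consider stating that in the comment so the exception to the access-point-only policy is visible to anyone copying the snippet.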