Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

connection from ycsb to dynamoDB not working #1496

Open
daljeetsingh23 opened this issue Dec 16, 2020 · 6 comments
Open

connection from ycsb to dynamoDB not working #1496

daljeetsingh23 opened this issue Dec 16, 2020 · 6 comments

Comments

@daljeetsingh23
Copy link

Hi team,

We are trying to use ycsb to connect to dynamodb to perform some benchmarking.

In our environment we are only allowed to use AWS STS service to get access and secret key, when i pass this in AWSCredentials file, the connection is failing with error security token invalid.

It seem STS functionality is missing from ycsb to connect to dynamoDB.
Also in AWSCredentials file, only access and secret variables are given to pass the value but there is not option to pass security token which is kind of mandatory in our aws environment.
Screenshot 2020-11-13 at 8 59 54 PM
@daljeetsingh23 daljeetsingh23 changed the title connection from ycsb to dynamDB not working connection from ycsb to dynamoDB not working Dec 16, 2020
@billkarwin
Copy link

I had the same issue with session security token not being recognized. I was able to get it to work with a minor code modification.

In dynamodb/src/main/java/site/ycsb/db/DynamoDBClient.java delete five lines:

22,23d21
< import com.amazonaws.auth.AWSStaticCredentialsProvider;
< import com.amazonaws.auth.PropertiesCredentials;
32d29
< import java.io.File;
84d80
< String credentialsFile = getProperties().getProperty("dynamodb.awsCredentialsFile", null);
147d142
< .withCredentials(new AWSStaticCredentialsProvider(new PropertiesCredentials(new File(credentialsFile))))

With those lines deleted, AWS client defaults to inspect the credentials chain, so it will look for credentials in environment variables or ~/.aws/credentials or instance metadata. This modification doesn't allow me to specify an AWS profile, only to use the default profile. But that was enough for me.

Also with this modification, there's no need to specify the AWS credential file in the ycsb properties.

@nyh
Copy link

nyh commented Sep 6, 2022

I have the same problem. The AWS SDK's PropertiesCredentials, which YCSB uses, for some unknown reason (I would consider it a bug in the SDK...) only allows a key and secret, and not the third "session token" needed for STS-returned credentials.

@daljeetsingh23
Copy link
Author

daljeetsingh23 commented Sep 6, 2022 via email

@nyh
Copy link

nyh commented Sep 13, 2022

@billkarwin's patch above works perfectly! Instead of a silly weirdly-formatted and half-featured "credential property file" and a YCSB option dynamodb.awsCredentialsFile pointing to it, it lets you use the normal AWS configuration file (e.g., $HOME/.aws/credentials, or environment variables) - and those have the full capabilities of AWS credentials (e.g., STS's aws_session_token).

What would be the appropriate process to get this patch (probably with the corresponding documentation patch) in? Should I (or @billkarwin) send a pull request? Do we care about breaking backward compatibility (i.e., the dynamodb.awsCredentialsFile option will stop working)?

@fruch
Copy link

fruch commented Sep 13, 2022

@nyh @billkarwin

Seems like this PR also address this issue (and do few other things):
#1624

It also remove the credentials file property, I don't think anyone using AWS would actually welcome such a change.

@fee-mendes
Copy link

Bump - still hurts!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@billkarwin @fruch @nyh @daljeetsingh23 @fee-mendes