Support S3 Access Grants #1180
Labels
enhancement
New feature or request
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
/feature
Is your feature request related to a problem? Please describe.
I want to mount buckets that I do not have direct access to. My organisation uses S3 Access Grants to control access to buckets, including cross-account. Right now, I can only specify the role on a driver or pod level which will have permissions to get an access grant, but no way to retrieve the token and use it for subsequent S3 calls.
Describe the solution you'd like in detail
Perhaps this request is something that should be supported in mountpoint itself rather than the CSI driver, but I imagine adding a flag such as
--use-access-grantcould help. This would enable a new subroutine of using the current credentials to call the access grant endpoint and then using the returned STS token for actual mountpoint operations.Describe alternatives you've considered
I am not sure how else to do this other than asking the team who manages the access grants for a back door.
The text was updated successfully, but these errors were encountered: