Feature request: Support Workload Identity Federation on AWS Fargate #1594
Labels
priority: p3
Desirable enhancement or fix. May not be included in next release.
type: feature request
‘Nice-to-have’ improvement, new feature or different behavior or design.
Is your feature request related to a problem? Please describe.
We run some workloads on AWS Fargate; these workloads communicate with BigQuery. At the moment we can't use Workload Identity Federation because Fargate has neither a metadata endpoint nor environment variables like AWS_ACCESS_KEY or AWS_SECRET_ACCESS_KEY; on Fargate, credentials are obtained using the environment variable AWS_CONTAINER_CREDENTIALS_RELATIVE_URI. So we have to provision service account keys, secure them, rotate them, etc.
Describe the solution you'd like
I'd like to use Workload Identity Federation and not worry about service account keys.
Describe alternatives you've considered
Running EC2 instead of Fargate
Additional context
There are some workarounds on the internet, like https://stackoverflow.com/questions/70194948/connection-error-from-aws-fargete-to-gcp-bigquery-by-using-workload-identity (for Python). They all require patching auth logic.
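The credential lookup the issue describes, as an added example that is not part of the original issue or of any library's code: it reads AWS_CONTAINER_CREDENTIALS_RELATIVE_URI, queries the ECS task credentials endpoint, and maps the response to the standard AWS SDK variable names. The function names and the sample response are constructed for illustration, and whether a given auth library then picks up those variables is an assumption.

```python
import json
import os
import urllib.request
from datetime import datetime, timezone

# Link-local address of the ECS/Fargate task credentials endpoint.
ECS_CREDENTIALS_HOST = "http://169.254.170.2"

# Constructed sample of the endpoint's JSON response (values are placeholders).
SAMPLE_RESPONSE = json.dumps({
    "AccessKeyId": "ASIAEXAMPLEKEYID",
    "SecretAccessKey": "example-secret",
    "Token": "example-session-token",
    "Expiration": "2030-01-01T00:00:00Z",
})

def parse_container_credentials(body, now=None):
    """Validate the task-role credentials and map them to AWS_* variable names."""
    doc = json.loads(body)
    missing = [k for k in ("AccessKeyId", "SecretAccessKey", "Token") if not doc.get(k)]
    if missing:
        raise ValueError(f"credentials response is missing {missing}")
    expiration = doc.get("Expiration")
    if expiration:
        expires_at = datetime.fromisoformat(expiration.replace("Z", "+00:00"))
        if expires_at <= (now or datetime.now(timezone.utc)):
            raise ValueError("container credentials have already expired")
    # Task-role credentials are short-lived: callers must re-fetch before expiry
    # and should never log or persist the returned values.
    return {
        "AWS_ACCESS_KEY_ID": doc["AccessKeyId"],
        "AWS_SECRET_ACCESS_KEY": doc["SecretAccessKey"],
        "AWS_SESSION_TOKEN": doc["Token"],
    }

def fetch_container_credentials(environ=os.environ, opener=urllib.request.urlopen):
    """Resolve credentials via AWS_CONTAINER_CREDENTIALS_RELATIVE_URI."""
    relative_uri = environ.get("AWS_CONTAINER_CREDENTIALS_RELATIVE_URI")
    if not relative_uri or not relative_uri.startswith("/"):
        raise RuntimeError("AWS_CONTAINER_CREDENTIALS_RELATIVE_URI is not set")
    with opener(ECS_CREDENTIALS_HOST + relative_uri, timeout=2) as resp:
        return parse_container_credentials(resp.read())

if __name__ == "__main__":
    # Offline demonstration on the constructed sample; prints variable names only.
    print(sorted(parse_container_credentials(SAMPLE_RESPONSE)))
```
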