Comments - Installing and Configuring a ColumnStore System using the Amazon AMI
Content reproduced on this site is the property of its respective owners,
and this content is not reviewed in advance by MariaDB. The views, information and opinions
expressed by this content do not necessarily represent those of MariaDB or any other party.
Amazon Web Services specifically recommends against embedding long-term access keys into applications, per their best practices documentation:
http://docs.aws.amazon.com/general/latest/gr/aws-access-keys-best-practices.html#use-roles
Does MariaDB support the use of IAM roles in EC2? If not, would a MariaDB representative please comment on exactly when support for IAM roles is planned and why this was overlooked, since IAM roles are a requirement for technology adoption in a large enterprise EC2 environment?
Additionally, this documentation is missing a critical piece of information. It describes the necessity of installing AWS user API keys -- but it does not offer an appropriate JSON policy statement describing the API actions that must be granted to MariaDB. Without a list of API actions, an AWS administrator cannot assign an appropriate access policy. We do not like having to guess at the API calls an application might make.
Please explain in precise terms on this page each of the AWS API actions the MariaDB tool will perform, preferably along with a valid JSON policy document (cf. http://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies.html) or the name of an appropriate AWS-managed policy document for administrative use.