Re: [DISCUSS] AWS IAM-based client authentication

Thu, 06 Mar 2025 10:33:00 -0800 

Thanks Scott - That gives me a clear to direction to go in -- Joel.

On 3/5/2025 9:01 PM, C. Scott Andreas wrote:


Joel, thanks for reaching out.
This sounds interesting, I bet there are many who would benefit from IAM-based authentication.
If you haven't yet, could you request a Jira account? Someone will be able to approve it almost immediately if you don't have one yet. https://selfserve.apache.org/jira-account.html
For discussing/reviewing the implementation, I'd make the repos public and create a ticket under the database [1] and driver [2] projects with a description and source link to start.
For new feature proposals, we'll usually open with a discuss thread as you've started here. That discussion will gauge receptivity and whether to proceed by acclamation; or whether the proposal is significant enough in scope to warrant a CEP doc and vote thread [3]. 

Cheers,

– Scott

[1] http://issues.apache.org/jira/browse/CASSANDRA
[2] http://issues.apache.org/jira/browse/CASSJAVA
[3] https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=95652201 



On Mar 4, 2025, at 12:48 PM, Joel Shepherd <sheph...@amazon.com> wrote:


Hi - I have a side project that provides client- and node-side Java
plug-ins to enable client-to-node authentication based on AWS
identities. This would, for example, enable clients to use EC2 instance
roles to authenticate to Cassandra nodes, or use ordinary IAM
keys/secret keys. The client needs to be able to obtain valid IAM
credentials to sign a request, and the node needs to be able to connect
to a public AWS Security Token Service (STS) endpoint. There are no
other required AWS dependencies, and (I believe) no changes required
driver or node code: just minor configuration updates.

I'm seeking help in reviewing the concept and code. I'm new to this
community,  so I'm looking for suggestions on how to best engage you on
this.

The code (which is not quite production-ready) is in two private GitHub
repos which I'm happy to grant access to for early review. I can also
provide documentation on the approach: not sure whether that's best
shared via this thread, a CEP, repo documentation ... suggestions wanted.

Thanks: I'd appreciate any and all help in making these plug-ins
available to the community.

-- Joel.

Reply via email to