[ 
https://issues.apache.org/jira/browse/HADOOP-15650?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16693399#comment-16693399
 ] 

Steve Loughran commented on HADOOP-15650:
-----------------------------------------

aah. In HADOOP-14556 I've actually started my own provider for this; had 
forgotten about the retry code there. I think I'll leave that as a separate 
patch -switching to async refresh would actually be better as it'd eliminate 
latencies.

As to what to do: just wrap the existing getCredentials() Call in an Invoker 
with a retry policy which will only retry on throttle exceptions, fail fast on 
everything else, especially network failures

> Add custom InstanceProfileCredentialsProvider with more resilience to 
> throttling
> --------------------------------------------------------------------------------
>
>                 Key: HADOOP-15650
>                 URL: https://issues.apache.org/jira/browse/HADOOP-15650
>             Project: Hadoop Common
>          Issue Type: Sub-task
>          Components: fs/s3
>    Affects Versions: 3.1.0
>            Reporter: Steve Loughran
>            Priority: Minor
>
> Add our own InstanceProfileCredentialsProvider class which uses the AWS 
> implementation to retrieve credentials from EC2's instance info, but more 
> resilient to overloading.
> # pass in client config with retry logic (HADOOP-15603)
> # use Invoke.retry() to retry
> # log/measure failures
> # maybe use the Async feature of the AWS SDK class, so that credential 
> renewer doesn't block IO.
> # be shared amongst all AWS auth chains which need these credentials.
> The singleton we current use for IAM auth doesn't do async, which is good as 
> it ensures that we don't prematurely close it when 
> {{AWSCredentialProviderList.close()}} closes its children.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to