โ01-03-2024 06:31 PM
We have a requirement to configure storage credentials in UC for s3 buckets which have been previously mounted by using access keys
mounts has been depreciated and we need to configure storage credentials when we use UC. But while configuring storage creds it only supports instance profiles
โ01-03-2024 11:36 PM
Hi @karthik_p, Unity Catalog (UC) provides tools to configure secure connections to cloud object storage.
Here are some key concepts and steps to configure storage credentials in UC:
Storage Credential: A storage credential represents an authentication and authorization mechanism fo.... It can use an Azure-managed identity or an IAM role. Each storage credential is subject to Unity Catalog access-control policies that control which users....
External Location: An external location is an object that combines a cloud storage path with a stora.... Each storage location is subject to Unity Catalog access-control policies that control which users a....
If youโre using AWS, you can follow the tutorial on configuring S3 access with an instance profile. If youโre using Azure, you can refer to the guide on connecting to cloud object storage using Unity ....
Please note that permissions for storage credentials should only be granted to users who need to def.... Similarly, permission to create and use external locations should only be given to users who need to....
I hope this helps! If you have any more questions, feel free to ask.
โ01-04-2024 01:20 PM
@Kaniz was looking for below scenario https://docs.gcp.databricks.com/en/connect/storage/amazon-s3.html
here buckets are configured with Access keys as mounts, now workspace configured with UC and UC won't recommend to use DBFS mounts, we need to convert them as storages. where as in storage we have only IAM role option (Instance profile) , but there is no option to specify aws access keys to create storage credentials. within article no where it was mentioned as Depreciated.
we are looking for article where it specifies above scenarios are not supported, some thing like that. This is blocking us to proceed with UC upgrade. please help to resolve this
โ01-16-2024 10:20 AM
Hello @karthik_p ,
The UC setup provides the feasibility to add the S3 bucket as a volume when compared to the non-UC concept Mounts.
When added as Volume, the access to the Volume in UC is Governed via the Storage Credentials.
Regarding Storage credential, as by definition : A storage credential is a securable object representing an AWS IAM role, which itself suggests that it needs to be an IAM role, hence ruling out other authentication mechanisms.
Additionally as mentioned in the article: "A storage credential represents an authentication and authorization mechanism for accessing data stored on your cloud tenant, using an IAM role." It further establishes that the UC Storage credential is expected to be defined using an IAM role.
โ01-18-2024 01:59 AM
Thank you for posting your question in our community! We are happy to assist you.
To help us provide you with the most accurate information, could you please take a moment to review the responses and select the one that best answers your question?
This will also help other community members who may have similar questions in the future. Thank you for your participation and let us know if you need any further assistance!