Currently, only the S3 connector is able to make use of the Cloud Identity / OIDC connect feature. This means that for, e.g., Kinesis, we either need to use an agent with instance credentials or create an IAM user.
The latter is the only option for direct connections, but it is problematic because it requires handling static credentials. Using OIDC in particular would allow us to rely purely on an STS role-assumption workflow, leading to an overall more secure and less error-prone setup. Finally, this would unify the workflow across AWS services.
Ideally, this should be supported by all connectors for AWS native services like Kinesis and DynamoDB.
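The STS role-assumption workflow described above only removes the static-credential risk if the role's trust policy pins which OIDC provider, audience and subject may assume it. The following is an added example, not code from the original thread or from Palantir: it audits a role trust policy for the `sts:AssumeRoleWithWebIdentity` statements and flags the weak settings (no `aud`/`sub` condition, wildcard principal or subject). The account ID `123456789012`, the provider host `oidc.example.com` and the subject string are constructed placeholders.

```python
import json

# Constructed sample: trust policy that lets ANY token issued by the provider
# assume the role, because no audience or subject condition is set.
WEAK_TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": "arn:aws:iam::123456789012:oidc-provider/oidc.example.com"},
        "Action": "sts:AssumeRoleWithWebIdentity",
    }],
}

# Constructed sample: the same statement hardened with aud and sub pinning,
# so only tokens minted for this role's audience and for one named workload are accepted.
HARDENED_TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Federated": "arn:aws:iam::123456789012:oidc-provider/oidc.example.com"},
        "Action": "sts:AssumeRoleWithWebIdentity",
        "Condition": {
            "StringEquals": {
                "oidc.example.com:aud": "sts.amazonaws.com",
                "oidc.example.com:sub": "system:serviceaccount:ingest:kinesis-connector",
            }
        },
    }],
}

# Constructed sample: aud is pinned but sub is a StringLike wildcard, which is
# equivalent to no subject restriction at all.
WILDCARD_SUB_TRUST_POLICY = json.loads(json.dumps(HARDENED_TRUST_POLICY))
WILDCARD_SUB_TRUST_POLICY["Statement"][0]["Condition"] = {
    "StringEquals": {"oidc.example.com:aud": "sts.amazonaws.com"},
    "StringLike": {"oidc.example.com:sub": "*"},
}


def _as_list(value):
    """IAM policy fields may be a scalar or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def audit_web_identity_trust_policy(policy: dict) -> list[str]:
    """Return human-readable findings for every AssumeRoleWithWebIdentity statement."""
    findings = []
    for i, stmt in enumerate(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        if "sts:AssumeRoleWithWebIdentity" not in _as_list(stmt.get("Action", [])):
            continue

        principal_block = stmt.get("Principal", {})
        if isinstance(principal_block, str):
            principals = [principal_block]
        else:
            principals = _as_list(principal_block.get("Federated", []))
        if not principals:
            findings.append(f"statement {i}: no Federated principal on a web-identity statement")
            continue

        # Flatten Condition into {lowercased key: (operator, [values])}.
        keys = {}
        for op, kv in stmt.get("Condition", {}).items():
            for key, val in kv.items():
                keys[key.lower()] = (op, _as_list(val))

        for principal in principals:
            if principal == "*":
                findings.append(f"statement {i}: Federated principal is '*'")
                continue
            # The condition key prefix is the provider host after 'oidc-provider/'.
            provider = principal.rsplit("oidc-provider/", 1)[-1].lower()
            aud = keys.get(f"{provider}:aud")
            sub = keys.get(f"{provider}:sub")
            if aud is None:
                findings.append(f"statement {i}: no '{provider}:aud' condition, tokens minted for other audiences are accepted")
            if sub is None:
                findings.append(f"statement {i}: no '{provider}:sub' condition, every subject at the provider can assume the role")
            elif sub[0].lower().endswith("stringlike") and any(v.strip() == "*" for v in sub[1]):
                findings.append(f"statement {i}: '{provider}:sub' StringLike '*' matches every subject")
    return findings


if __name__ == "__main__":
    for name, pol in [("weak", WEAK_TRUST_POLICY), ("hardened", HARDENED_TRUST_POLICY),
                      ("wildcard-sub", WILDCARD_SUB_TRUST_POLICY)]:
        print(name, audit_web_identity_trust_policy(pol) or "OK")
```

The check is deliberately limited to the trust policy itself; it says nothing about whether the OIDC provider's token issuance is sound. Run it against `aws iam get-role` output before granting a connector a role, and treat any finding as a reason to keep the role out of production until `aud` and `sub` are pinned.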
I think the problem here is that direct connect only works with public data sources. That's why Cloud Identity works only with S3. I think for other data sources Palantir has to build the back-end infra needed for PrivateLink.
Here are the other AWS services supported by Palantir that could benefit from Cloud Identity, as it helps customers implement an authentication solution that's in line with AWS best practices:
AWS RDS
Kinesis
Redshift
Amazon MSK
Amazon DynamoDB
AWS IoT Core
I think people who use these services should +1 this feature to help Palantir prioritize it.
Thanks for the suggestion! We are currently rolling out Cloud Identity support to Redshift as a follow-up to this thread, and we'll continue to add Cloud Identity / OIDC connect support to further connectors.
I’ll update the thread when support for these features reaches other connectors.