One of my EMR job relies on getting the AWS access key id and secret access key from the fs.s3.awsAccessKeyId and fs.s3.awsSecretAccessKey properties, respectively. However, when I run EMR cluster using the default EC2 and EMR roles, those properties do not exist.
How do I get these access keys while running the EMR clusters with the default roles, seeing that using IAM roles is a requirement at this point? One way I could do it is set these properties explicitly myself, but I want to see if I missed something else.
Using roles and not hard coded keys is a best practice (http://docs.aws.amazon.com/general/latest/gr/aws-access-keys-best-practices.html). An example of this on EMR is the underlying Hadoop FS calls use the role assigned to the EC2 instance in order to generate temporary security credentials.
Your application can be built to do the same (http://docs.aws.amazon.com/IAM/latest/UserGuide/roles-usingrole-ec2instance.html) such that it fetches a temporary access key and secret with token from the assigned role instead of reading it from a fixed config.