Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Support all AWS SDK authorization methods #264

Closed
danotorrey opened this issue Sep 13, 2019 · 3 comments · Fixed by #279
Closed

Support all AWS SDK authorization methods #264

danotorrey opened this issue Sep 13, 2019 · 3 comments · Fixed by #279
Assignees

Comments

@danotorrey
Copy link
Contributor

@danotorrey danotorrey commented Sep 13, 2019

Description

Fully support all AWS authorization methods for the new AWS Kinesis integration. Right now, an API key is required. The forces users to generate this extra credential set. It is sometimes more desirable to assume a specific role ARN or use the role of the EC2 instance.

What

Support the following authorization schemes:

  • Explicit credentials (key and secret - as we supported before).
  • Automatic (supports environment variables, Java props, EC2 creds and other options described here).
  • Assume Role ARN support

Why

Assuming a role or policy in AWS is a common way to authorize applications running in the AWS environment. See https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html for more info. Requiring security keys add unneeded complexity and maintenance burdens for certain configurations.

@danotorrey danotorrey added the feature label Sep 13, 2019
@danotorrey

This comment has been minimized.

Copy link
Contributor Author

@danotorrey danotorrey commented Sep 13, 2019

@jalogisch jalogisch added the triaged label Sep 16, 2019
@danotorrey

This comment has been minimized.

Copy link
Contributor Author

@danotorrey danotorrey commented Sep 24, 2019

The backend code for this is already in place, we just need to update the UI to provide the option to use API keys or assume role ARN functionality.

@danotorrey

This comment has been minimized.

Copy link
Contributor Author

@danotorrey danotorrey commented Sep 25, 2019

From talking to @kyleknighted about this, we think it's best to support all AWS SDK authorization options. It's not much more work to support them all, and it provides the most flexibility for our users.

So, on the first page of all AWS integrations, we would present the following three choices:

  1. Explicit credentials (key and secret - as we supported before).
  2. Automatic (supports environment variables, Java props, EC2 creds and other options described here).
  3. Assume Role ARN support.

This way, we support all possible options that could be needed since we are making changes to the auth code (not much more work to support them all).

@danotorrey danotorrey added the #L label Oct 16, 2019
@danotorrey danotorrey changed the title Fully support Assume Role ARN for new AWS Kinesis Integration Support all AWS SDK authorization methods Oct 17, 2019
@danotorrey danotorrey self-assigned this Oct 17, 2019
@ceruleancee ceruleancee added the aws label Dec 3, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
3 participants
You can’t perform that action at this time.