triggermesh · jmcx · Jan 6, 2023 · Jan 5, 2023 · Jan 6, 2023
diff --git a/docs/sources/awscloudwatch.md b/docs/sources/awscloudwatch.md
@@ -49,6 +49,15 @@ spec:
       name: default
 ```
 
+Alternatively you can use an IAM role for authentication instead of an access key and secret, for Amazon EKS only:
+
+```yaml
+auth:
+  iamrole: arn:aws:iam::123456789012:role/foo
+```
+
+To setup an IAM role for service accounts, please refer to the [official AWS documentation](https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html).
+
 Events produced have the following attributes:
 
 * type `com.amazon.cloudwatch.metrics.message`

diff --git a/docs/sources/awscloudwatchlogs.md b/docs/sources/awscloudwatchlogs.md
@@ -37,6 +37,15 @@ spec:
       name: default
 ```
 
+Alternatively you can use an IAM role for authentication instead of an access key and secret, for Amazon EKS only:
+
+```yaml
+auth:
+  iamrole: arn:aws:iam::123456789012:role/foo
+```
+
+To setup an IAM role for service accounts, please refer to the [official AWS documentation](https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html).
+
 Events produced have the following attributes:
 
 * type `com.amazon.logs.log`

diff --git a/docs/sources/awscodecommit.md b/docs/sources/awscodecommit.md
@@ -42,6 +42,15 @@ spec:
       name: default
 ```
 
+Alternatively you can use an IAM role for authentication instead of an access key and secret, for Amazon EKS only:
+
+```yaml
+auth:
+  iamrole: arn:aws:iam::123456789012:role/foo
+```
+
+To setup an IAM role for service accounts, please refer to the [official AWS documentation](https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html).
+
 The parameters include the following:
 
 Events produced have the following attributes:

diff --git a/docs/sources/awscognitoidentity.md b/docs/sources/awscognitoidentity.md
@@ -36,6 +36,15 @@ spec:
       name: default
 ```
 
+Alternatively you can use an IAM role for authentication instead of an access key and secret, for Amazon EKS only:
+
+```yaml
+auth:
+  iamrole: arn:aws:iam::123456789012:role/foo
+```
+
+To setup an IAM role for service accounts, please refer to the [official AWS documentation](https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html).
+
 Events produced have the following attributes:
 
 * type `com.amazon.cognito-identity.sync_trigger`

diff --git a/docs/sources/awscognitouserpool.md b/docs/sources/awscognitouserpool.md
@@ -37,6 +37,15 @@ spec:
       name: default
 ```
 
+Alternatively you can use an IAM role for authentication instead of an access key and secret, for Amazon EKS only:
+
+```yaml
+auth:
+  iamrole: arn:aws:iam::123456789012:role/foo
+```
+
+To setup an IAM role for service accounts, please refer to the [official AWS documentation](https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html).
+
 Events produced have the following attributes:
 
 * type `com.amazon.cognitouserpool.sync_trigger`

diff --git a/docs/sources/awsdynamodb.md b/docs/sources/awsdynamodb.md
@@ -37,6 +37,15 @@ spec:
       name: default
 ```
 
+Alternatively you can use an IAM role for authentication instead of an access key and secret, for Amazon EKS only:
+
+```yaml
+auth:
+  iamrole: arn:aws:iam::123456789012:role/foo
+```
+
+To setup an IAM role for service accounts, please refer to the [official AWS documentation](https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html).
+
 Events produced have the following attributes:
 
 * type `com.amazon.dynamodb.stream_record`

diff --git a/docs/sources/awseventbridge.md b/docs/sources/awseventbridge.md
@@ -46,6 +46,15 @@ spec:
       name: default
 ```
 
+Alternatively you can use an IAM role for authentication instead of an access key and secret, for Amazon EKS only:
+
+```yaml
+auth:
+  iamrole: arn:aws:iam::123456789012:role/foo
+```
+
+To setup an IAM role for service accounts, please refer to the [official AWS documentation](https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html).
+
 Events produced have the following attributes:
 
 * type `com.amazon.events.event`

diff --git a/docs/sources/awskinesis.md b/docs/sources/awskinesis.md
@@ -37,6 +37,16 @@ spec:
       name: default
 ```
 
+
+Alternatively you can use an IAM role for authentication instead of an access key and secret, for Amazon EKS only:
+
+```yaml
+auth:
+  iamrole: arn:aws:iam::123456789012:role/foo
+```
+
+To setup an IAM role for service accounts, please refer to the [official AWS documentation](https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html).
+
 Events produced have the following attributes:
 
 * type `com.amazon.kinesis.stream_record`

diff --git a/docs/sources/awss3.md b/docs/sources/awss3.md
@@ -41,6 +41,14 @@ spec:
       name: default
 ```
 
+Alternatively you can use an IAM role for authentication instead of an access key and secret, for Amazon EKS only:
+
+```yaml
+auth:
+  iamrole: arn:aws:iam::123456789012:role/foo
+```
+
+To setup an IAM role for service accounts, please refer to the [official AWS documentation](https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html).
 
 Parameters:
 

diff --git a/docs/sources/awssqs.md b/docs/sources/awssqs.md
@@ -36,12 +36,23 @@ spec:
       name: default
 ```
 
+Alternatively you can use an IAM role for authentication instead of an access key and secret, for Amazon EKS only:
+
+```yaml
+auth:
+  iamrole: arn:aws:iam::123456789012:role/foo
+```
+
+To setup an IAM role for service accounts, please refer to the [official AWS documentation](https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html).
+
 Events produced have the following attributes:
 
 * type `com.amazon.sqs.message`
 * source `<arn>`
 * Schema of the `data` attribute: [com.amazon.sqs.message.json](https://raw.githubusercontent.com/triggermesh/triggermesh/main/schemas/com.amazon.sqs.message.json)
 
+See the [Kubernetes object reference](../../reference/sources/#sources.triggermesh.io/v1alpha1.AWSSQSSource) for more details.
+
 ## Prerequisites
 
 - An SQS Queue

diff --git a/docs/targets/awscomprehend.md b/docs/targets/awscomprehend.md
@@ -5,7 +5,7 @@ Send events to [Amazon Comprehend](https://aws.amazon.com/comprehend/)
 With `tmctl`:
 
 ```
-tmctl create target awscomprehend --region <region> --language <language> --awsApiKey <awsApiKey> --awsApiSecret <awsApiSecret>
+tmctl create target awscomprehend --region <region> --language <language> --auth.credentials.accessKeyID <access key> --auth.credentials.secretAccessKey <secret key>
 ```
 
 On Kubernetes:
@@ -33,16 +33,27 @@ metadata:
 spec:
   region: us-west-1
   language: en
-  awsApiKey:
-    secretKeyRef:
-      name: aws
-      key: AWS_ACCESS_KEY_ID
-  awsApiSecret:
-    secretKeyRef:
-      name: aws
-      key: AWS_SECRET_ACCESS_KEY
+  auth:
+    credentials:
+      accessKeyID:
+        valueFromSecret:
+          name: aws
+          key: AWS_ACCESS_KEY_ID
+      secretAccessKey:
+        valueFromSecret:
+          name: aws
+          key: AWS_SECRET_ACCESS_KEY
 ```
 
+Alternatively you can use an IAM role for authentication instead of an access key and secret, for Amazon EKS only:
+
+```yaml
+auth:
+  iamrole: arn:aws:iam::123456789012:role/foo
+```
+
+To setup an IAM role for service accounts, please refer to the [official AWS documentation](https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html).
+
 This target accepts events of any type and analyzes each of the key values sentiment. It then combines the scores and returns the analysis in a response event of type `io.triggermesh.targets.aws.comprehend.result`.
 
 You can test the Target by sending it an event using `curl`:

diff --git a/docs/targets/awsdynamodb.md b/docs/targets/awsdynamodb.md
@@ -5,28 +5,54 @@ Sends events to [AWS DynamoDB](https://aws.amazon.com/dynamodb/).
 With `tmctl`:
 
 ```
-tmctl create target dynamodb --arn <arn> --awsApiKey <awsApiKey> --awsApiSecret <awsApiSecret>
+tmctl create target dynamodb --arn <arn> --auth.credentials.accessKeyID <access key> --auth.credentials.secretAccessKey <secret key>
 ```
 
 On Kubernetes:
 
+Secret
+
+```yaml
+apiVersion: v1
+kind: Secret
+metadata:
+  name: aws
+type: Opaque
+stringData:
+  AWS_ACCESS_KEY_ID: "<AWS Access Key ID>"
+  AWS_SECRET_ACCESS_KEY: "<AWS Secret Access Key>"
+```
+
+Target
+
 ```yaml
 apiVersion: targets.triggermesh.io/v1alpha1
 kind: AWSDynamoDBTarget
 metadata:
   name: triggermesh-aws-dynamodb
 spec:
   arn: arn:aws:dynamodb:us-west-1:<PROJECT_ID>:table/test
-  awsApiKey:
-    secretKeyRef:
-      name: aws
-      key: AWS_ACCESS_KEY_ID
-  awsApiSecret:
-    secretKeyRef:
-      name: aws
-      key: AWS_SECRET_ACCESS_KEY
+  auth:
+    credentials:
+      accessKeyID:
+        valueFromSecret:
+          name: aws
+          key: AWS_ACCESS_KEY_ID
+      secretAccessKey:
+        valueFromSecret:
+          name: aws
+          key: AWS_SECRET_ACCESS_KEY
 ```
 
+Alternatively you can use an IAM role for authentication instead of an access key and secret, for Amazon EKS only:
+
+```yaml
+auth:
+  iamrole: arn:aws:iam::123456789012:role/foo
+```
+
+To setup an IAM role for service accounts, please refer to the [official AWS documentation](https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html).
+
 Accepts events of any type.
 
 Responds with events with the following attributes:

diff --git a/docs/targets/awseventbridge.md b/docs/targets/awseventbridge.md
@@ -6,28 +6,54 @@ bus][intro].
 With `tmctl`:
 
 ```
-tmctl create target awseventbridge --arn <arn> --awsApiKey <awsApiKey> --awsApiSecret <awsApiSecret>
+tmctl create target awseventbridge --arn <arn> --auth.credentials.accessKeyID <access key> --auth.credentials.secretAccessKey <secret key>
 ```
 
 On Kubernetes:
 
+Secret
+
+```yaml
+apiVersion: v1
+kind: Secret
+metadata:
+  name: aws
+type: Opaque
+stringData:
+  AWS_ACCESS_KEY_ID: "<AWS Access Key ID>"
+  AWS_SECRET_ACCESS_KEY: "<AWS Secret Access Key>"
+```
+
+Target
+
 ```yaml
 apiVersion: targets.triggermesh.io/v1alpha1
 kind: AWSEventBridgeTarget
 metadata:
   name: triggermesh-aws-eventbridge
 spec:
   arn: arn:aws:events:us-west-2:<PROJECT_ID>:event-bus/cab-knative-event-test
-  awsApiKey:
-    secretKeyRef:
-      name: aws
-      key: AWS_ACCESS_KEY_ID
-  awsApiSecret:
-    secretKeyRef:
-      name: aws
-      key: AWS_SECRET_ACCESS_KEY
+  auth:
+    credentials:
+      accessKeyID:
+        valueFromSecret:
+          name: aws
+          key: AWS_ACCESS_KEY_ID
+      secretAccessKey:
+        valueFromSecret:
+          name: aws
+          key: AWS_SECRET_ACCESS_KEY
 ```
 
+Alternatively you can use an IAM role for authentication instead of an access key and secret, for Amazon EKS only:
+
+```yaml
+auth:
+  iamrole: arn:aws:iam::123456789012:role/foo
+```
+
+To setup an IAM role for service accounts, please refer to the [official AWS documentation](https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html).
+
 The Amazon EventBridge event Target can consume events of any type.
 
 Responds with events with the following attributes: