Update S3 configuration documentation #1065

Merged
merged 1 commit into from
Jul 18, 2023
22 changes: 17 additions & 5 deletions content/docs/integrations/aws-s3/index.md
Expand Up @@ -14,11 +14,11 @@ S3 can be a useful place to store certain resources used by backstage plugins li

This guide describes how to set up access for Roadie to your S3 buckets in your infrastructure and configure it.

## Step 1: Get the roadie IAM details
To configure autodiscovery of entities from S3 buckets, see documentation about [AWS S3 Autodiscovery.](docs/details/location-management/#aws-s3-autodiscovery)

Navigate to `Administration > Settings > AWS S3` and make a note of the Roadie backend role ARN and account ID.
## Step 1: Get the roadie IAM details

![Role Details](./role-details.png)
Navigate to `Administration > Settings > AWS S3` and make a note of the Roadie backend role ARN and account ID. This is mentioned on the title text of the AWS S3 integration settings page.

## Step 2: Create a federated role in your account for Roadie
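
Review bot: The link target in the added autodiscovery line, `docs/details/location-management/#aws-s3-autodiscovery`, has no leading slash, so it would normally resolve relative to this page's own path rather than the docs root; check it against how other internal links in this file are written, and move the trailing period out of the link text. The same hunk drops the `role-details.png` screenshot from Step 1 in favour of "This is mentioned on the title text of the AWS S3 integration settings page", which is vague about where the role ARN and account ID appear; consider naming the exact label the reader should look for.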

Expand All @@ -28,7 +28,12 @@ The role needs to follow this naming convention `arn:aws:iam::*:role/<your-tenan

You'll need to attach a policy which allows access to the required S3 buckets such as `AmazonS3ReadOnlyAccess`. This policy grants roadie read access to all buckets.
If you do not want to grant this access you can [create your own policy](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_create-console.html)
which restricts access to only certain buckets. e.g.
which restricts access to only certain buckets. An example minimal policy needed to retrieve files from S3 buckets is below


<details>

<summary>An example minimal S3 Read policy</summary>

```json
{
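
Review bot: The least-privilege policy is now collapsed inside `<details>` at the end of this hunk, so the only policy a reader sees by default is `AmazonS3ReadOnlyAccess`, which the context line says grants read access to all buckets. Consider keeping the scoped policy expanded, or stating in the visible text that it is the preferred choice. The added sentence "An example minimal policy needed to retrieve files from S3 buckets is below" also needs a closing colon or period, and one of the two blank lines before `<details>` can go.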
Expand All @@ -51,10 +56,17 @@ which restricts access to only certain buckets. e.g.
]
}
```
</details>


## Step 3: Configure your Roadie instance to use the new role

On the AWS S3 settings page `Administration > Settings > Aws S3` in Roadie click `Add Item` and enter the newly created
role ARN and external ID. The S3 host is only required if you're using different roles for different buckets.

![AWS S3 Settings](./aws-s3-config.png)
After the role configuration is done, you can click the 'Test Role' button to check if integration configuration has succeeded.

![Role Details](./role-details.png)
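
Review bot: The alt text "Role Details" on the image that closes Step 3 does not describe a settings form or the 'Test Role' button, which is what this step walks through; `![Role Details](./role-details.png)` replaces `![AWS S3 Settings](./aws-s3-config.png)` here, so update the alt text to match what the screenshot shows and delete `aws-s3-config.png` if nothing else references it. In the added sentence, "check if integration configuration has succeeded" reads better as "check whether the integration is configured correctly", and it would help to say what the reader should verify when the test fails. The context line writes `Aws S3` where Step 1 uses `AWS S3`.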



Binary file modified content/docs/integrations/aws-s3/role-details.png