Skip to content

Commit

Permalink
Add documentation for AWS IAM session tokens (kedacore#642)
Browse files Browse the repository at this point in the history
Signed-off-by: Jacob Henner <code@ventricle.us>
  • Loading branch information
JacobHenner authored Jan 28, 2022
1 parent 3cdd043 commit 2f46be2
Show file tree
Hide file tree
Showing 3 changed files with 25 additions and 10 deletions.
13 changes: 9 additions & 4 deletions content/docs/2.6/scalers/aws-cloudwatch.md
Original file line number Diff line number Diff line change
Expand Up @@ -74,6 +74,7 @@ You can use `TriggerAuthentication` CRD to configure the authenticate by providi

- `awsAccessKeyID` - Id of the user.
- `awsSecretAccessKey` - Access key for the user to authenticate with.
- `awsSessionToken` - Session token, only required when using [temporary credentials](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html).

The user will need access to read data from AWS CloudWatch.

Expand All @@ -85,8 +86,9 @@ kind: Secret
metadata:
name: test-secrets
data:
AWS_ACCESS_KEY_ID: <encoded-user-id>
AWS_SECRET_ACCESS_KEY: <encoded-key>
AWS_ACCESS_KEY_ID: <encoded-user-id> # Required.
AWS_SECRET_ACCESS_KEY: <encoded-key> # Required.
AWS_SESSION_TOKEN: <encoded-session-token> # Required when using temporary credentials.
---
apiVersion: keda.sh/v1alpha1
kind: TriggerAuthentication
Expand All @@ -96,11 +98,14 @@ metadata:
spec:
secretTargetRef:
- parameter: awsAccessKeyID # Required.
name: keda-aws-secrets # Required.
name: test-secrets # Required.
key: AWS_ACCESS_KEY_ID # Required.
- parameter: awsSecretAccessKey # Required.
name: keda-aws-secrets # Required.
name: test-secrets # Required.
key: AWS_SECRET_ACCESS_KEY # Required.
- parameter: awsSessionToken # Required when using temporary credentials.
name: test-secrets # Required when using temporary credentials.
key: AWS_SESSION_TOKEN # Required when using temporary credentials.
---
apiVersion: keda.sh/v1alpha1
kind: ScaledObject
Expand Down
13 changes: 9 additions & 4 deletions content/docs/2.6/scalers/aws-kinesis.md
Original file line number Diff line number Diff line change
Expand Up @@ -49,6 +49,7 @@ You can use `TriggerAuthentication` CRD to configure the authenticate by providi

- `awsAccessKeyID` - Id of the user.
- `awsSecretAccessKey` - Access key for the user to authenticate with.
- `awsSessionToken` - Session token, only required when using [temporary credentials](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html).

The user will need `DescribeStreamSummary` IAM permission policy to read data from AWS Kinesis Streams.

Expand All @@ -61,8 +62,9 @@ metadata:
name: test-secrets
namespace: keda-test
data:
AWS_ACCESS_KEY_ID: <encoded-user-id>
AWS_SECRET_ACCESS_KEY: <encoded-key>
AWS_ACCESS_KEY_ID: <encoded-user-id> # Required.
AWS_SECRET_ACCESS_KEY: <encoded-key> # Required.
AWS_SESSION_TOKEN: <encoded-session-token> # Required when using temporary credentials.
---
apiVersion: keda.sh/v1alpha1
kind: TriggerAuthentication
Expand All @@ -72,11 +74,14 @@ metadata:
spec:
secretTargetRef:
- parameter: awsAccessKeyID # Required.
name: test-secrets # Required.
name: test-secrets # Required.
key: AWS_ACCESS_KEY_ID # Required.
- parameter: awsSecretAccessKey # Required.
name: test-secrets # Required.
name: test-secrets # Required.
key: AWS_SECRET_ACCESS_KEY # Required.
- parameter: awsSessionToken # Required when using temporary credentials.
name: test-secrets # Required when using temporary credentials.
key: AWS_SESSION_TOKEN # Required when using temporary credentials.
---
apiVersion: keda.sh/v1alpha1
kind: ScaledObject
Expand Down
9 changes: 7 additions & 2 deletions content/docs/2.6/scalers/aws-sqs.md
Original file line number Diff line number Diff line change
Expand Up @@ -53,6 +53,7 @@ You can use `TriggerAuthentication` CRD to configure the authenticate by providi

- `awsAccessKeyID` - Id of the user.
- `awsSecretAccessKey` - Access key for the user to authenticate with.
- `awsSessionToken` - Session token, only required when using [temporary credentials](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html).

The user will need access to read properties from the specified AWS SQS queue.

Expand Down Expand Up @@ -138,8 +139,9 @@ kind: Secret
metadata:
name: test-secrets
data:
AWS_ACCESS_KEY_ID: <encoded-user-id>
AWS_SECRET_ACCESS_KEY: <encoded-key>
AWS_ACCESS_KEY_ID: <encoded-user-id> # Required.
AWS_SECRET_ACCESS_KEY: <encoded-key> # Required.
AWS_SESSION_TOKEN: <encoded-session-token> # Required when using temporary credentials.
---
apiVersion: keda.sh/v1alpha1
kind: TriggerAuthentication
Expand All @@ -154,6 +156,9 @@ spec:
- parameter: awsSecretAccessKey # Required.
name: test-secrets # Required.
key: AWS_SECRET_ACCESS_KEY # Required.
- parameter: awsSessionToken # Required when using temporary credentials.
name: test-secrets # Required when using temporary credentials.
key: AWS_SESSION_TOKEN # Required when using temporary credentials.
---
apiVersion: keda.sh/v1alpha1
kind: ScaledObject
Expand Down

0 comments on commit 2f46be2

Please sign in to comment.