You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@camel.apache.org by ac...@apache.org on 2020/12/04 12:24:22 UTC
[camel] 01/02: Camel-AWS2-S3: Use default credentials Provider docs
update
This is an automated email from the ASF dual-hosted git repository.
acosentino pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/camel.git
commit 346ccd83ee4c6c38856b42ba9669c777c996929b
Author: Andrea Cosentino <an...@gmail.com>
AuthorDate: Fri Dec 4 11:48:26 2020 +0100
Camel-AWS2-S3: Use default credentials Provider docs update
---
components/camel-aws2-s3/src/main/docs/aws2-s3-component.adoc | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/components/camel-aws2-s3/src/main/docs/aws2-s3-component.adoc b/components/camel-aws2-s3/src/main/docs/aws2-s3-component.adoc
index c61d8fc..ffde72a 100644
--- a/components/camel-aws2-s3/src/main/docs/aws2-s3-component.adoc
+++ b/components/camel-aws2-s3/src/main/docs/aws2-s3-component.adoc
@@ -373,12 +373,12 @@ from("file:tmp/test?fileName=test.txt")
In this way you'll ask to S3, to use the KMS key 3f0637ad-296a-3dfe-a796-e60654fb128c, to encrypt the file test.txt. When you'll ask to download this file, the decryption will be done directly before the download.
-=== Use "useIAMCredentials" with the s3 component
+=== Use "useDefaultCredentialsProvider" with the s3 component and IAM
-To use AWS IAM credentials, you must first verify that the EC2 in which you are launching the Camel application on has an IAM role associated with it containing the appropriate policies attached to run effectively.
+To use AWS Default Credentials Provider, you must first verify that the EC2 in which you are launching the Camel application on has an IAM role associated with it containing the appropriate policies attached to run effectively.
Keep in mind that this feature should only be set to "true" on remote instances. To clarify even further, you must still use static credentials locally since IAM is an AWS specific component,
-but AWS environments should now be easier to manage. After this is implemented and understood, you can set the query parameter "useIAMCredentials" to "true" for AWS environments! To effectively toggle this
-on and off based on local and remote environments, you can consider enabling this query parameter with system environment variables. For example, your code could set the "useIAMCredentials" query parameter to "true",
+but AWS environments should now be easier to manage. After this is implemented and understood, you can set the query parameter "useDefaultCredentialsProvider" to "true" for AWS environments! To effectively toggle this
+on and off based on local and remote environments, you can consider enabling this query parameter with system environment variables. For example, your code could set the "useDefaultCredentialsProvider" query parameter to "true",
when the system environment variable called "isRemote" is set to true (there are many other ways to do this and this should act as a simple example). Although it doesn't take away the need for static credentials completely,
using IAM credentials on AWS environments takes away the need to refresh on remote environments and adds a major security boost (IAM credentials are refreshed automatically every 6 hours and update when their
policies are updated). This is the AWS recommended way to manage credentials and therefore should be used as often as possible.