AWS common configuration (proto)

extensions.common.aws.v3.AwsCredentialProvider

[extensions.common.aws.v3.AwsCredentialProvider proto]

Configuration for AWS credential provider. Normally, this is optional and the credentials are retrieved from the environment or AWS configuration files by following the default credential provider chain. This is to support cases where the credentials need to be explicitly provided by the control plane.

{
  "assume_role_with_web_identity": {...},
  "inline_credential": {...}
}

assume_role_with_web_identity

(extensions.common.aws.v3.AssumeRoleWithWebIdentityCredentialProvider) The option to use AssumeRoleWithWebIdentity. If inline_credential is set, this is ignored.

inline_credential

(extensions.common.aws.v3.InlineCredentialProvider) The option to use an inline credential. If this is set, it takes precedence over assume_role_with_web_identity.

extensions.common.aws.v3.InlineCredentialProvider

[extensions.common.aws.v3.InlineCredentialProvider proto]

Configuration to use an inline AWS credential. This is an equivalent to setting the well-known environment variables AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, and the optional AWS_SESSION_TOKEN.

{
  "access_key_id": ...,
  "secret_access_key": ...,
  "session_token": ...
}

access_key_id

(string, REQUIRED) The AWS access key ID.

secret_access_key

(string, REQUIRED) The AWS secret access key.

session_token

(string) The AWS session token. This is optional.

extensions.common.aws.v3.AssumeRoleWithWebIdentityCredentialProvider

[extensions.common.aws.v3.AssumeRoleWithWebIdentityCredentialProvider proto]

Configuration to use AssumeRoleWithWebIdentity to get AWS credentials.

{
  "role_arn": ...,
  "web_identity_token": ...
}

role_arn

(string, REQUIRED) The ARN of the role to assume.

web_identity_token

(string, REQUIRED) The web identity token that is provided by the identity provider to assume the role.