AWS S3 assume role based access

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

AWS S3 assume role based access

Gandhi, Vineet
Hi,

Currently in camel aws-s3 component there is a provision to access account using access-key and shared-key as URI options.
Is there any provision to give role  ARN as URI option in aws-s3 URI?
Then camel can internally generate the s3client for the role passed.


Regards,
Vineet


This e-mail, including attachments, may include confidential and/or
proprietary information, and may be used only by the person or entity
to which it is addressed. If the reader of this e-mail is not the intended
recipient or his or her authorized agent, the reader is hereby notified
that any dissemination, distribution or copying of this e-mail is
prohibited. If you have received this e-mail in error, please notify the
sender by replying to this message and delete this e-mail immediately.
Reply | Threaded
Open this post in threaded view
|

R: AWS S3 assume role based access

Andrea Cosentino-2
Hello,
If you have special needs for your S3 client, you can instantiate the client and set it on the Camel registry. Then you'll be able to pass the client as URI option as reported in the documentation on GitHub.
At URI option level there is no roles option provided actually

Inviato da Yahoo Mail su Android
 
  Il mer, 24 ott, 2018 alle 16:32, Gandhi, Vineet<[hidden email]> ha scritto:   Hi,

Currently in camel aws-s3 component there is a provision to access account using access-key and shared-key as URI options.
Is there any provision to give role  ARN as URI option in aws-s3 URI?
Then camel can internally generate the s3client for the role passed.


Regards,
Vineet


This e-mail, including attachments, may include confidential and/or
proprietary information, and may be used only by the person or entity
to which it is addressed. If the reader of this e-mail is not the intended
recipient or his or her authorized agent, the reader is hereby notified
that any dissemination, distribution or copying of this e-mail is
prohibited. If you have received this e-mail in error, please notify the
sender by replying to this message and delete this e-mail immediately.
 
Reply | Threaded
Open this post in threaded view
|

Re: AWS S3 assume role based access

Gandhi, Vineet
Thanks for prompt reply.

Currently we are instantiating the s3client and adding in registry, that works well with JAVA DSL as the class is present in jar
For our current requirement we don’t have provision to add client in registry or say the class in not present in shipped jar.
Basically we are shipping xml with routes to client where only basic camel based application with all components say camel-aws is running.
Can we have a URI option which can be specified in xml to provision role or is that in newer camel release?

Regards,
Vineet

From: Andrea Cosentino <[hidden email]>
Reply-To: "[hidden email]" <[hidden email]>
Date: Wednesday, 24 October 2018 at 8:14 PM
To: "[hidden email]" <[hidden email]>, "Gandhi, Vineet" <[hidden email]>, "[hidden email]" <[hidden email]>
Cc: "Sharma, Mukul A" <[hidden email]>
Subject: R: AWS S3 assume role based access

Hello,

If you have special needs for your S3 client, you can instantiate the client and set it on the Camel registry. Then you'll be able to pass the client as URI option as reported in the documentation on GitHub.

At URI option level there is no roles option provided actually
Inviato da Yahoo Mail su Android<https://go.onelink.me/107872968?pid=InProduct&c=Global_Internal_YGrowth_AndroidEmailSig__AndroidUsers&af_wl=ym&af_sub1=Internal&af_sub2=Global_YGrowth&af_sub3=EmailSignature>

Il mer, 24 ott, 2018 alle 16:32, Gandhi, Vineet
<[hidden email]> ha scritto:
Hi,

Currently in camel aws-s3 component there is a provision to access account using access-key and shared-key as URI options.
Is there any provision to give role  ARN as URI option in aws-s3 URI?
Then camel can internally generate the s3client for the role passed.


Regards,
Vineet


This e-mail, including attachments, may include confidential and/or
proprietary information, and may be used only by the person or entity
to which it is addressed. If the reader of this e-mail is not the intended
recipient or his or her authorized agent, the reader is hereby notified
that any dissemination, distribution or copying of this e-mail is
prohibited. If you have received this e-mail in error, please notify the
sender by replying to this message and delete this e-mail immediately.

This e-mail, including attachments, may include confidential and/or
proprietary information, and may be used only by the person or entity
to which it is addressed. If the reader of this e-mail is not the intended
recipient or his or her authorized agent, the reader is hereby notified
that any dissemination, distribution or copying of this e-mail is
prohibited. If you have received this e-mail in error, please notify the
sender by replying to this message and delete this e-mail immediately.
Reply | Threaded
Open this post in threaded view
|

R: Re: AWS S3 assume role based access

Andrea Cosentino-2
No, there is no option in newest releases. You can raise a feature request in the Camel JIRA and I can have a look. In the JIRA please describe your specific use case and architecture.
Thanks

Inviato da Yahoo Mail su Android
 
  Il mer, 24 ott, 2018 alle 16:52, Gandhi, Vineet<[hidden email]> ha scritto:   Thanks for prompt reply.

Currently we are instantiating the s3client and adding in registry, that works well with JAVA DSL as the class is present in jar
For our current requirement we don’t have provision to add client in registry or say the class in not present in shipped jar.
Basically we are shipping xml with routes to client where only basic camel based application with all components say camel-aws is running.
Can we have a URI option which can be specified in xml to provision role or is that in newer camel release?

Regards,
Vineet

From: Andrea Cosentino <[hidden email]>
Reply-To: "[hidden email]" <[hidden email]>
Date: Wednesday, 24 October 2018 at 8:14 PM
To: "[hidden email]" <[hidden email]>, "Gandhi, Vineet" <[hidden email]>, "[hidden email]" <[hidden email]>
Cc: "Sharma, Mukul A" <[hidden email]>
Subject: R: AWS S3 assume role based access

Hello,

If you have special needs for your S3 client, you can instantiate the client and set it on the Camel registry. Then you'll be able to pass the client as URI option as reported in the documentation on GitHub.

At URI option level there is no roles option provided actually
Inviato da Yahoo Mail su Android<https://go.onelink.me/107872968?pid=InProduct&c=Global_Internal_YGrowth_AndroidEmailSig__AndroidUsers⁡_wl=ym⁡_sub1=Internal⁡_sub2=Global_YGrowth⁡_sub3=EmailSignature>

Il mer, 24 ott, 2018 alle 16:32, Gandhi, Vineet
<[hidden email]> ha scritto:
Hi,

Currently in camel aws-s3 component there is a provision to access account using access-key and shared-key as URI options.
Is there any provision to give role  ARN as URI option in aws-s3 URI?
Then camel can internally generate the s3client for the role passed.


Regards,
Vineet


This e-mail, including attachments, may include confidential and/or
proprietary information, and may be used only by the person or entity
to which it is addressed. If the reader of this e-mail is not the intended
recipient or his or her authorized agent, the reader is hereby notified
that any dissemination, distribution or copying of this e-mail is
prohibited. If you have received this e-mail in error, please notify the
sender by replying to this message and delete this e-mail immediately.

This e-mail, including attachments, may include confidential and/or
proprietary information, and may be used only by the person or entity
to which it is addressed. If the reader of this e-mail is not the intended
recipient or his or her authorized agent, the reader is hereby notified
that any dissemination, distribution or copying of this e-mail is
prohibited. If you have received this e-mail in error, please notify the
sender by replying to this message and delete this e-mail immediately.
 
Reply | Threaded
Open this post in threaded view
|

Re: AWS S3 assume role based access

Gandhi, Vineet
In reply to this post by Gandhi, Vineet
Hi,

Created below jira for the issue explained
https://issues.apache.org/jira/browse/CAMEL-12907

Revert back or update jira in case of more information required. I hope this ARN based access gets in camel soon 😊

Regards,
Vineet

From: Andrea Cosentino <[hidden email]>
Reply-To: "[hidden email]" <[hidden email]>
Date: Thursday, 25 October 2018 at 7:37 AM
To: "[hidden email]" <[hidden email]>, "Gandhi, Vineet" <[hidden email]>, "[hidden email]" <[hidden email]>
Cc: "Sharma, Mukul A" <[hidden email]>
Subject: R: Re: AWS S3 assume role based access

No, there is no option in newest releases. You can raise a feature request in the Camel JIRA and I can have a look. In the JIRA please describe your specific use case and architecture.

Thanks
Inviato da Yahoo Mail su Android<https://go.onelink.me/107872968?pid=InProduct&c=Global_Internal_YGrowth_AndroidEmailSig__AndroidUsers&af_wl=ym&af_sub1=Internal&af_sub2=Global_YGrowth&af_sub3=EmailSignature>

Il mer, 24 ott, 2018 alle 16:52, Gandhi, Vineet
<[hidden email]> ha scritto:
Thanks for prompt reply.

Currently we are instantiating the s3client and adding in registry, that works well with JAVA DSL as the class is present in jar
For our current requirement we don’t have provision to add client in registry or say the class in not present in shipped jar.
Basically we are shipping xml with routes to client where only basic camel based application with all components say camel-aws is running.
Can we have a URI option which can be specified in xml to provision role or is that in newer camel release?

Regards,
Vineet

From: Andrea Cosentino <[hidden email]<mailto:[hidden email]>>
Reply-To: "[hidden email]<mailto:[hidden email]>" <[hidden email]<mailto:[hidden email]>>
Date: Wednesday, 24 October 2018 at 8:14 PM
To: "[hidden email]<mailto:[hidden email]>" <[hidden email]<mailto:[hidden email]>>, "Gandhi, Vineet" <[hidden email]<mailto:[hidden email]>>, "[hidden email]<mailto:[hidden email]>" <[hidden email]<mailto:[hidden email]>>
Cc: "Sharma, Mukul A" <[hidden email]<mailto:[hidden email]>>
Subject: R: AWS S3 assume role based access

Hello,

If you have special needs for your S3 client, you can instantiate the client and set it on the Camel registry. Then you'll be able to pass the client as URI option as reported in the documentation on GitHub.

At URI option level there is no roles option provided actually
Inviato da Yahoo Mail su Android<https://go.onelink.me/107872968?pid=InProduct&c=Global_Internal_YGrowth_AndroidEmailSig__AndroidUsers⁡_wl=ym⁡_sub1=Internal⁡_sub2=Global_YGrowth⁡_sub3=EmailSignature<https://go.onelink.me/107872968?pid=InProduct&c=Global_Internal_YGrowth_AndroidEmailSig__AndroidUsers&af_wl=ym&af_sub1=Internal&af_sub2=Global_YGrowth&af_sub3=EmailSignature>>

Il mer, 24 ott, 2018 alle 16:32, Gandhi, Vineet
<[hidden email]<mailto:[hidden email]>> ha scritto:
Hi,

Currently in camel aws-s3 component there is a provision to access account using access-key and shared-key as URI options.
Is there any provision to give role  ARN as URI option in aws-s3 URI?
Then camel can internally generate the s3client for the role passed.


Regards,
Vineet


This e-mail, including attachments, may include confidential and/or
proprietary information, and may be used only by the person or entity
to which it is addressed. If the reader of this e-mail is not the intended
recipient or his or her authorized agent, the reader is hereby notified
that any dissemination, distribution or copying of this e-mail is
prohibited. If you have received this e-mail in error, please notify the
sender by replying to this message and delete this e-mail immediately.


This e-mail, including attachments, may include confidential and/or
proprietary information, and may be used only by the person or entity
to which it is addressed. If the reader of this e-mail is not the intended
recipient or his or her authorized agent, the reader is hereby notified
that any dissemination, distribution or copying of this e-mail is
prohibited. If you have received this e-mail in error, please notify the
sender by replying to this message and delete this e-mail immediately.

This e-mail, including attachments, may include confidential and/or
proprietary information, and may be used only by the person or entity
to which it is addressed. If the reader of this e-mail is not the intended
recipient or his or her authorized agent, the reader is hereby notified
that any dissemination, distribution or copying of this e-mail is
prohibited. If you have received this e-mail in error, please notify the
sender by replying to this message and delete this e-mail immediately.