This is an automated email from the ASF dual-hosted git repository.
acosentino pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/camel.git
commit 346ccd83ee4c6c38856b42ba9669c777c996929b
Author: Andrea Cosentino <anco...@gmail.com>
AuthorDate: Fri Dec 4 11:48:26 2020 +0100
Camel-AWS2-S3: Use default credentials Provider docs update
---
components/camel-aws2-s3/src/main/docs/aws2-s3-component.adoc | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/components/camel-aws2-s3/src/main/docs/aws2-s3-component.adoc
b/components/camel-aws2-s3/src/main/docs/aws2-s3-component.adoc
index c61d8fc..ffde72a 100644
--- a/components/camel-aws2-s3/src/main/docs/aws2-s3-component.adoc
+++ b/components/camel-aws2-s3/src/main/docs/aws2-s3-component.adoc
@@ -373,12 +373,12 @@ from("file:tmp/test?fileName=test.txt")
In this way you'll ask to S3, to use the KMS key
3f0637ad-296a-3dfe-a796-e60654fb128c, to encrypt the file test.txt. When you'll
ask to download this file, the decryption will be done directly before the
download.
-=== Use "useIAMCredentials" with the s3 component
+=== Use "useDefaultCredentialsProvider" with the s3 component and IAM
-To use AWS IAM credentials, you must first verify that the EC2 in which you
are launching the Camel application on has an IAM role associated with it
containing the appropriate policies attached to run effectively.
+To use AWS Default Credentials Provider, you must first verify that the EC2 in
which you are launching the Camel application on has an IAM role associated
with it containing the appropriate policies attached to run effectively.
Keep in mind that this feature should only be set to "true" on remote
instances. To clarify even further, you must still use static credentials
locally since IAM is an AWS specific component,
-but AWS environments should now be easier to manage. After this is implemented
and understood, you can set the query parameter "useIAMCredentials" to "true"
for AWS environments! To effectively toggle this
-on and off based on local and remote environments, you can consider enabling
this query parameter with system environment variables. For example, your code
could set the "useIAMCredentials" query parameter to "true",
+but AWS environments should now be easier to manage. After this is implemented
and understood, you can set the query parameter "useDefaultCredentialsProvider"
to "true" for AWS environments! To effectively toggle this
+on and off based on local and remote environments, you can consider enabling
this query parameter with system environment variables. For example, your code
could set the "useDefaultCredentialsProvider" query parameter to "true",
when the system environment variable called "isRemote" is set to true (there
are many other ways to do this and this should act as a simple example).
Although it doesn't take away the need for static credentials completely,
using IAM credentials on AWS environments takes away the need to refresh on
remote environments and adds a major security boost (IAM credentials are
refreshed automatically every 6 hours and update when their
policies are updated). This is the AWS recommended way to manage credentials
and therefore should be used as often as possible.
