Uploaded image for project: 'OpenShift Logging'
  1. OpenShift Logging
  2. LOG-1977

Enable STS Role Support for CloudWatch in fluentd

    XMLWordPrintable

Details

    • 5
    • False
    • False
    • NEW
    • OBSDA-59 - CloudWatch log forwarding add-on needs to support STS installations
    • VERIFIED
    • Logging (Core) - Sprint 210, Logging (Core) - Sprint 211, Logging (Core) - Sprint 212, Logging (Core) - Sprint 213, Logging (Core) - Sprint 214, Logging (Core) - Sprint 215, Logging (Core) - Sprint 216

    Description

      Story

      As an administrator of cluster log forwarding,
      I need to use an STS Role for authenticating to CloudWatch
      so that my deployment does not rely on static access keys

      Acceptance Criteria

      • Logs are written to CW when configured with STS Role for authentication
      • "role" is a recognized secret key for authorization (Maybe "Role" depending upon the precedent of the other Keys)
      • "role_arn" is the recognized key when using sts, and it must specify a correctly formatted arn"   ex.  arn:aws:iam::123456789012:role/my-new-role

      Notes

      Moto the AWS mock seems to implement STS:

      https://stackoverflow.com/questions/42542879/moto-mocking-sts-to-get-account-id-throwing-error-notimplementederror-the-get-c

      Attachments

        Activity

          People

            cahartma@redhat.com Casey Hartman
            jcantril@redhat.com Jeffrey Cantrill
            Anping Li Anping Li
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: