- Story
- Resolution: Done
- Major
- None
- 5
- False
- False
- NEW
- OBSDA-59 - CloudWatch log forwarding add-on needs to support STS installations
- VERIFIED
Logging (Core) - Sprint 210, Logging (Core) - Sprint 211, Logging (Core) - Sprint 212, Logging (Core) - Sprint 213, Logging (Core) - Sprint 214, Logging (Core) - Sprint 215, Logging (Core) - Sprint 216
Story
As an administrator of cluster log forwarding,
I need to use an STS Role for authenticating to CloudWatch
so that my deployment does not rely on static access keys
Acceptance Criteria
- Logs are written to CW when configured with an STS Role for authentication
- "role" is a recognized secret key for authorization (maybe "Role", depending upon the precedent of the other keys)
- "role_arn" is the recognized key when using STS, and it must specify a correctly formatted ARN, e.g. arn:aws:iam::123456789012:role/my-new-role
Notes
- Enabling STS: https://github.com/fluent-plugins-nursery/fluent-plugin-cloudwatch-logs#configuring-the-plugin-for-sts-authentication
- Role takes precedence over other credentials
Moto, the AWS mock, seems to implement STS:
1. Modify Generator | Closed | Casey Hartman
2. Impl Functional Test | Closed | Casey Hartman
3. Manually Test on AWS Cluster | Closed | Casey Hartman
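One way to check the "role_arn" acceptance criterion together with the note that the role takes precedence over other credentials. This is an added example, not code from the project; the function name `AuthMode` and the static-key names `aws_access_key_id` and `aws_secret_access_key` are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"regexp"
	"strings"
)

// "role_arn" comes from the acceptance criteria; the two static-key names
// are assumptions made for this example.
const (
	keyRoleARN   = "role_arn"
	keyAccessID  = "aws_access_key_id"
	keySecretKey = "aws_secret_access_key"
)

// IAM role ARN: partition, empty region field, 12-digit account ID,
// optional path segments, then a role name of at most 64 characters.
var roleARN = regexp.MustCompile(
	`^arn:(aws|aws-cn|aws-us-gov):iam::[0-9]{12}:role/([\w+=,.@-]+/)*[\w+=,.@-]{1,64}$`)

// AuthMode reports which credential type a forwarding secret selects.
// role_arn wins over static keys, and a malformed role_arn is an error
// rather than a silent fallback to long-lived access keys.
func AuthMode(secret map[string][]byte) (string, error) {
	if raw, ok := secret[keyRoleARN]; ok {
		arn := strings.TrimSpace(string(raw)) // secret values often end in "\n"
		if !roleARN.MatchString(arn) {
			return "", fmt.Errorf("%s is not a valid IAM role ARN: %q", keyRoleARN, arn)
		}
		return "sts", nil
	}
	if len(secret[keyAccessID]) > 0 && len(secret[keySecretKey]) > 0 {
		return "static", nil
	}
	return "", errors.New("secret has neither role_arn nor a complete static key pair")
}

func main() {
	// Constructed sample secret: both credential types present.
	both := map[string][]byte{
		keyRoleARN:   []byte("arn:aws:iam::123456789012:role/my-new-role\n"),
		keyAccessID:  []byte("EXAMPLE-ID"),
		keySecretKey: []byte("EXAMPLE-SECRET"),
	}
	fmt.Println(AuthMode(both))
}
```

Rejecting a bad `role_arn` outright, even when static keys are also present, keeps a typo from quietly downgrading the deployment to the static access keys the story is meant to avoid.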