[
https://issues.apache.org/jira/browse/CAMEL-12907?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Andrea Cosentino resolved CAMEL-12907.
--------------------------------------
Resolution: Won't Fix
> AWS S3 assume role based access
> -------------------------------
>
> Key: CAMEL-12907
> URL: https://issues.apache.org/jira/browse/CAMEL-12907
> Project: Camel
> Issue Type: New Feature
> Components: camel-aws
> Reporter: VINEET GANDHI
> Assignee: Andrea Cosentino
> Priority: Major
> Attachments: awsS3.xml
>
>
> We have a springboot application where camel context is initialized. Now we
> have a rest endpoint which takes xml routes and add to context.
> Now, for a route consisting of an S3 endpoint, we need to pass Access Key and
> Secret Key for S3 access in component URI parameters but this is static in
> nature and will not solve our problem.
> So, another way provided by camel is to pass an S3 client as URI parameter
> which can be used for AWS S3 access. Now, this S3 client first needs to be
> created and added to the camel registry from where it can be referred by
> camel context.
> But, as per our architecture, we can't create this S3 client as part of the
> application. If we use this approach then we will have to create a whole new
> DSL in application which will take some AWS parameters and create and S3
> client for us.
> Instead, what we want is that camel should provide a way to pass some URI
> parameters(in our case - Role ARN) to S3 component, which internally will
> generate an S3 client and use it for S3 access. So, in short we don't want to
> create our own DSL for this purpose but want camel to support this feature.
> Note: We know that camel internally supports creation of a client using the
> role assigned to the machine where camel is running. This works only when we
> have S3 bucket in the same AWS account where camel us running. But, if we
> want to access a cross account S3 bucket then we can't use this feature.
> We'll have to create our own client.
> Note 2: For a client assuming an AWS IAM role
> 1. client first needs to have permission to assume this role
> 2. the role should add this particular client in its trust relationship
> Catch: For enabling camel to support Role ARN as URI parameter for S3
> component so that camel can internally create an S3 client, camel still needs
> some AWS credentials to assume this role. Now, camel doesn't have any AWS
> credentials set up internally, so we need to pass some credentials which can
> be used to assume the role we want to assume. That brings us to the same
> problem which we were trying to overcome in the first place.
>
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
