Amazon Aws External Servers are used to provide information needed to connect and interact with components of the Amazon Web Service.
Authentication to AWS may be performed using any of a number of mechanisms. If an authentication-method is specified, then the requested authentication method will be used. Otherwise, if the aws-access-key-id and aws-secret-access-key properties are specified, then the specified access key will be used to authenticate. Otherwise, authentication will be attempted with an IAM role, and the server must be running in an AWS instance or container that is configured with the desired IAM role with permission to perform the necessary operations.
The Amazon Aws External Server component inherits from the External Server.
The following components have a direct aggregation relation from Amazon Aws External Servers:
The following components have a direct aggregation relation to Amazon Aws External Servers:
The properties supported by this managed object are as follows:
Basic Properties: | Advanced Properties: |
---|---|
description | None |
http-proxy-external-server | |
authentication-method | |
aws-access-key-id | |
aws-secret-access-key | |
aws-region-name | |

description
Description | A description for this External Server |
Default Value | None |
Allowed Values | A string |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |

http-proxy-external-server
Description | A reference to an HTTP proxy server that should be used for requests sent to the AWS service. |
Default Value | No HTTP proxy server will be used. |
Allowed Values | The DN of any HTTP Proxy External Server. |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |

authentication-method
Description | The mechanism to use to authenticate to AWS. If this is not specified, then the server will attempt to automatically determine an appropriate authentication method. If an access key ID and secret access key are configured, then the access-key authentication method will be used. Otherwise, the iam-role authentication method will be used. |
Default Value | Attempt to automatically determine the appropriate authentication mechanism. |
Allowed Values | default-provider-chain - Authenticate using the default credential provider chain. According to AWS documentation, this chain uses the following logic:
1. If the aws.accessKeyID and aws.secretAccessKey system properties are set, then use the system property credentials provider to authenticate with that access key.
2. If the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment variables are set, then use the environment variable credentials provider to authenticate with that access key.
3. If possible, use the web identity token file credentials provider to obtain credentials from Java system properties or environment variables.
4. If possible, use the profile credentials provider to load credentials from the "[default]" credentials profile.
5. If possible, use the container credentials provider to load credentials from the AWS_CONTAINER_CREDENTIALS_RELATIVE_URI environment variable.
6. If possible, use the instance profile credentials provider to load credentials from the EC2 metadata service.
access-key - Authenticate with an access key, using the AWS basic credentials provider. The aws-access-key-id and aws-secret-access-key properties must be used to specify the necessary information.
iam-role - Authenticate with an IAM role, using the AWS instance profile credentials provider.
irsa-role - Authenticate with an IAM Role for Service Accounts, using the AWS web identity token file credentials provider. |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |

aws-access-key-id
Description | The access key ID that will be used if authentication should use an access key. If this is provided, then an aws-secret-access-key must also be provided. |
Default Value | None |
Allowed Values | A string |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |

aws-secret-access-key
Description | The secret access key that will be used if authentication should use an access key. If this is provided, then an aws-access-key-id must also be provided. |
Default Value | None |
Allowed Values | A string |
Multi-Valued | No |
Required | No |
Admin Action Required | None. Modification requires no further action |

aws-region-name
Description | The name of the AWS region containing the resources that will be accessed. |
Default Value | None |
Allowed Values | A string |
Multi-Valued | No |
Required | Yes |
Admin Action Required | None. Modification requires no further action |
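
The selection rules described above (an explicit authentication-method first, then a configured access key pair, then iam-role) can be checked against a planned definition before it is passed to dsconfig. The shell functions below are an added example, not part of the product or its documentation; the property:value input format, the function names and the sample values are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: pre-flight check of "property:value" lines (assumed input
# format) that use the amazon-aws External Server property names.

# Print the value of property $1 found in the definition text $2.
prop() {
  printf '%s\n' "$2" | sed -n "s/^$1://p" | head -n 1
}

# Print the authentication method the documented rules select; on an
# invalid definition, explain on stderr and return non-zero.
effective_auth_method() {
  method=$(prop authentication-method "$1")
  key_id=$(prop aws-access-key-id "$1")
  secret=$(prop aws-secret-access-key "$1")
  region=$(prop aws-region-name "$1")

  # aws-region-name is the only required property.
  [ -n "$region" ] || { echo "aws-region-name is required" >&2; return 2; }
  # The key ID and the secret key must be provided together.
  if [ -n "$key_id$secret" ] && { [ -z "$key_id" ] || [ -z "$secret" ]; }; then
    echo "aws-access-key-id and aws-secret-access-key must be set together" >&2
    return 3
  fi

  case $method in
    "")  # Unset: an access key is used if configured, otherwise IAM role.
      if [ -n "$key_id" ]; then echo access-key; else echo iam-role; fi ;;
    access-key)
      [ -n "$key_id" ] || { echo "access-key requires both key properties" >&2; return 4; }
      echo access-key ;;
    default-provider-chain|iam-role|irsa-role)
      # An explicit method is used as requested; flag a stored static key.
      [ -z "$key_id" ] || echo "note: a static access key is stored although $method was requested" >&2
      echo "$method" ;;
    *)
      echo "unknown authentication-method: $method" >&2; return 5 ;;
  esac
}

# Constructed sample definitions; the key values are placeholders.
ROLE_ONLY='aws-region-name:us-east-1'
STATIC_KEY='aws-region-name:us-east-1
aws-access-key-id:EXAMPLE_KEY_ID
aws-secret-access-key:EXAMPLE_SECRET'
HALF_KEY='aws-region-name:us-east-1
aws-access-key-id:EXAMPLE_KEY_ID'

for def in "$ROLE_ONLY" "$STATIC_KEY"; do effective_auth_method "$def"; done
```

A result of access-key means the definition stores a long-lived secret in the server configuration, which is the case to review when an instance or service-account role is available instead.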
To list the configured External Servers:
dsconfig list-external-servers [--property {propertyName}] ...
To view the configuration for an existing External Server:
dsconfig get-external-server-prop --server-name {name} [--tab-delimited] [--script-friendly] [--property {propertyName}] ...
To update the configuration for an existing External Server:
dsconfig set-external-server-prop --server-name {name} (--set|--add|--remove) {propertyName}:{propertyValue} [(--set|--add|--remove) {propertyName}:{propertyValue}] ...
To create a new Amazon Aws External Server:
dsconfig create-external-server --server-name {name} --type amazon-aws --set aws-region-name:{propertyValue} [--set {propertyName}:{propertyValue}] ...
To delete an existing External Server:
dsconfig delete-external-server --server-name {name}