Amazon Aws External Server

Amazon Aws External Servers are used to provide information needed to connect and interact with components of the Amazon Web Service.

Authentication to AWS may be performed using any of a number of mechanisms. If an authentication-method is specified, then the requested authentication method will be used. Otherwise, if the aws-access-key-id and aws-secret-access-key properties are specified, then the specified access key will be used to authenticate. Otherwise, authentication will be attempted with an IAM role, and the server must be running in an AWS instance or container that is configured with the desired IAM role with permission to perform the necessary operations.

Parent Component Relations from This Component Relations to This Component Properties dsconfig Usage

Parent Component

The Amazon Aws External Server component inherits from the External Server

Relations from This Component

The following components have a direct aggregation relation from Amazon Aws External Servers:

Relations to This Component

The following components have a direct aggregation relation to Amazon Aws External Servers:

Properties

The properties supported by this managed object are as follows:


Basic Properties: Advanced Properties:
 description  None
 http-proxy-external-server
 authentication-method
 aws-access-key-id
 aws-secret-access-key
 aws-region-name

Basic Properties

description

Description
A description for this External Server
Default Value
None
Allowed Values
A string
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

http-proxy-external-server

Description
A reference to an HTTP proxy server that should be used for requests sent to the AWS service.
Default Value
No HTTP proxy server will be used.
Allowed Values
The DN of any HTTP Proxy External Server.
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

authentication-method

Description
The mechanism to use to authenticate to AWS. If this is not specified, then the server will attempt to automatically determine an appropriate authentication method. If an access key ID and secret access key are configured, then the access-key authentication method will be used. Otherwise, the iam-role authentication method will be used.
Default Value
Attempt to automatically determine the appropriate authentication mechanism.
Allowed Values
default-provider-chain - Authenticate using the default credential provider chain. According to AWS documentation, this chain uses the following logic: 1. If the aws.accessKeyID and aws.secretAccessKey system properties are set, then use the system property credentials provider to authenticate with that access key. 2. If the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment variables are set, then use the environment variable credentials provider to authenticate with that access key. 3. If possible, use the web identity token file credentials provider to obtain credentials from Java system properties or environment variables. 4. If possible, use the profile credentials provider to load credentials from the "[default]" credentials profile. 5. If possible, use the container credentials provider to load credentials from the AWS_CONTAINER_CREDENTIALS_RELATIVE_URI environment variable. 6. If possible, use the instance profile credentials provider to load credentials from the EC2 metadata service.

access-key - Authenticate with an access key, using the AWS basic credentials provider. The aws-access-key-id and aws-secret-access-key properties must be used to specify the necessary information.

iam-role - Authenticate with an IAM role, using the AWS instance profile credentials provider.

irsa-role - Authenticate with an IAM Role for Service Accounts, using the AWS web identity token file credentials provider.
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

aws-access-key-id

Description
The access key ID that will be used if authentication should use an access key. If this is provided, then an aws-secret-access-key must also be provided.
Default Value
None
Allowed Values
A string
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

aws-secret-access-key

Description
The secret access key that will be used if authentication should use an access key. If this is provided, then an aws-access-key-id must also be provided.
Default Value
None
Allowed Values
A string
Multi-Valued
No
Required
No
Admin Action Required
None. Modification requires no further action

aws-region-name

Description
The name of the AWS region containing the resources that will be accessed.
Default Value
None
Allowed Values
A string
Multi-Valued
No
Required
Yes
Admin Action Required
None. Modification requires no further action


dsconfig Usage

To list the configured External Servers:

dsconfig list-external-servers
     [--property {propertyName}] ...

To view the configuration for an existing External Server:

dsconfig get-external-server-prop
     --server-name {name}
     [--tab-delimited]
     [--script-friendly]
     [--property {propertyName}] ...

To update the configuration for an existing External Server:

dsconfig set-external-server-prop
     --server-name {name}
     (--set|--add|--remove) {propertyName}:{propertyValue}
     [(--set|--add|--remove) {propertyName}:{propertyValue}] ...

To create a new Amazon Aws External Server:

dsconfig create-external-server
     --server-name {name}
     --type amazon-aws
     --set aws-region-name:{propertyValue}
     [--set {propertyName}:{propertyValue}] ...

To delete an existing External Server:

dsconfig delete-external-server
     --server-name {name}