From 6f18c57f5b7e74154144cd23ec8e57bfa3037635 Mon Sep 17 00:00:00 2001 From: Chris Thain Date: Mon, 21 Nov 2022 08:46:57 -0800 Subject: [PATCH] add snapshot agent docs for new S3 config options --- website/content/commands/snapshot/agent.mdx | 28 ++++++++++++++++++--- 1 file changed, 24 insertions(+), 4 deletions(-) diff --git a/website/content/commands/snapshot/agent.mdx b/website/content/commands/snapshot/agent.mdx index b82152f97e..4ff46dee38 100644 --- a/website/content/commands/snapshot/agent.mdx +++ b/website/content/commands/snapshot/agent.mdx @@ -170,6 +170,12 @@ Usage: `consul snapshot agent [options]` "aws_storage": { "access_key_id": "", "secret_access_key": "", + "session_token": "", + "iam_endpoint": "", + "role_arn": "", + "role_session_name": "", + "web_identity_token_file": "", + "sts_endpoint": "", "s3_region": "", "s3_bucket": "", "s3_key_prefix": "consul-snapshot", @@ -265,16 +271,30 @@ if desired. Note that despite the AWS references, any S3-compatible endpoint can be specified with `-aws-s3-endpoint`. -- `-aws-access-key-id` and `-aws-secret-access-key` - These arguments supply +- `-aws-access-key-id`, `-aws-secret-access-key` and `-aws-session-token` - These arguments supply static authentication information for connecting to S3. These may also be supplied using the following alternative methods:
- - `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` environment variables + - `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY` and `AWS_SESSION_TOKEN` environment variables - A credentials file (`~/.aws/credentials` or the file at the path specified by the `AWS_SHARED_CREDENTIALS_FILE` environment variable) - ECS task role metadata (container-specific) - EC2 instance role metadata +- `-aws-iam-endpoint` - IAM endpoint to use when authenticating with static credentials. + Default is to use the global IAM endpoint. + +- `-aws-role-arn`, `-aws-role-session-name`, and `-aws-web-identity-token-file` - These arguments are + used to obtain temporary credentials by assuming an IAM role. These may also be supplied using + the following alternative methods:
+ + - `AWS_ROLE_ARN`, `AWS_ROLE_SESSION_NAME`, and `AWS_WEB_IDENTITY_TOKEN_FILE` environment variables. + - A credentials file (~/.aws/credentials or the file at the path specified by the + `AWS_SHARED_CREDENTIALS_FILE` environment variable) + +- `-aws-sts-endpoint` - STS endpoint to use for obtaining temporary credentials. + Default is to use the global STS endpoint. + - `-aws-s3-bucket` - S3 bucket to use. Required for S3 storage, and setting this disables local storage. This should be only the bucket name without any part of the key prefix. @@ -284,8 +304,8 @@ Note that despite the AWS references, any S3-compatible endpoint can be specifie - `-aws-s3-region` - S3 region to use. Required for S3 storage. -- `-aws-s3-endpoint` - Optional S3 endpoint to use. Can also be specified using the - AWS_S3_ENDPOINT environment variable. +- `-aws-s3-endpoint` - S3 endpoint to use. Can also be specified using the + `AWS_S3_ENDPOINT` environment variable. Defaults to the regional S3 endpoint. - `-aws-s3-server-side-encryption` - Enables saving snapshots to S3 using server side encryption with [Amazon S3-Managed Encryption Keys](http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html)
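Review bot: In the first hunk (the `aws_storage` sample config), the six added keys sit as empty strings between `secret_access_key` and `s3_region`, with nothing to show which ones belong together. The flag descriptions later in this patch tie `session_token` to the static key pair and `iam_endpoint` to static credentials, while `role_arn`, `role_session_name`, `web_identity_token_file` and `sts_endpoint` form a separate assume-role group. Suggest ordering the keys to match those groups, and stating in the text around the sample whether each one may be left empty.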
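Review bot: In the second hunk, the flag list now documents two credential sources, the static key/token trio and the new `-aws-role-arn` group, but does not say which one wins when both are configured; a sentence on precedence belongs in one of the two bullets. Two formatting points in the added sub-list: `~/.aws/credentials` has lost the backticks it has in the existing list just above, and "environment variables." ends with a period where the existing item does not. Because `-aws-session-token` carries a secret, it is also worth saying here that the environment variable or credentials file is preferable to passing it on the command line.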
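Review bot: In the last hunk, the `-aws-s3-endpoint` bullet now ends "Defaults to the regional S3 endpoint.", while the two endpoint bullets added earlier in this patch use "Default is to use the global ... endpoint."; pick one phrasing for all three. Dropping "Optional" also leaves the default sentence as the only hint that the flag can be omitted, so consider keeping the word. Since the page notes that any S3-compatible endpoint can be given here, it would help to say whether `-aws-iam-endpoint` and `-aws-sts-endpoint` must be overridden as well in that setup.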