mirror of https://github.com/hashicorp/consul
backport of commit 6f18c57f5b
(#15529)
Co-authored-by: Chris Thain <chris.m.thain@gmail.com>pull/15530/head
parent
7c0eec4c1f
commit
b1526699ef
|
@ -170,6 +170,12 @@ Usage: `consul snapshot agent [options]`
|
||||||
"aws_storage": {
|
"aws_storage": {
|
||||||
"access_key_id": "",
|
"access_key_id": "",
|
||||||
"secret_access_key": "",
|
"secret_access_key": "",
|
||||||
|
"session_token": "",
|
||||||
|
"iam_endpoint": "",
|
||||||
|
"role_arn": "",
|
||||||
|
"role_session_name": "",
|
||||||
|
"web_identity_token_file": "",
|
||||||
|
"sts_endpoint": "",
|
||||||
"s3_region": "",
|
"s3_region": "",
|
||||||
"s3_bucket": "",
|
"s3_bucket": "",
|
||||||
"s3_key_prefix": "consul-snapshot",
|
"s3_key_prefix": "consul-snapshot",
|
||||||
|
@ -265,16 +271,30 @@ if desired.
|
||||||
|
|
||||||
Note that despite the AWS references, any S3-compatible endpoint can be specified with `-aws-s3-endpoint`.
|
Note that despite the AWS references, any S3-compatible endpoint can be specified with `-aws-s3-endpoint`.
|
||||||
|
|
||||||
- `-aws-access-key-id` and `-aws-secret-access-key` - These arguments supply
|
- `-aws-access-key-id`, `-aws-secret-access-key` and `-aws-session-token` - These arguments supply static
|
||||||
authentication information for connecting to S3. These may also be supplied using
|
authentication information for connecting to S3. These may also be supplied using
|
||||||
the following alternative methods:<br />
|
the following alternative methods:<br />
|
||||||
|
|
||||||
- `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` environment variables
|
- `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY` and `AWS_SESSION_TOKEN` environment variables
|
||||||
- A credentials file (`~/.aws/credentials` or the file at the path specified by the
|
- A credentials file (`~/.aws/credentials` or the file at the path specified by the
|
||||||
`AWS_SHARED_CREDENTIALS_FILE` environment variable)
|
`AWS_SHARED_CREDENTIALS_FILE` environment variable)
|
||||||
- ECS task role metadata (container-specific)
|
- ECS task role metadata (container-specific)
|
||||||
- EC2 instance role metadata
|
- EC2 instance role metadata
|
||||||
|
|
||||||
|
- `-aws-iam-endpoint` - IAM endpoint to use when authenticating with static credentials.
|
||||||
|
Default is to use the global IAM endpoint.
|
||||||
|
|
||||||
|
- `-aws-role-arn`, `-aws-role-session-name`, and `-aws-web-identity-token-file` - These arguments are
|
||||||
|
used to obtain temporary credentials by assuming an IAM role. These may also be supplied using
|
||||||
|
the following alternative methods:<br />
|
||||||
|
|
||||||
|
- `AWS_ROLE_ARN`, `AWS_ROLE_SESSION_NAME`, and `AWS_WEB_IDENTITY_TOKEN_FILE` environment variables.
|
||||||
|
- A credentials file (~/.aws/credentials or the file at the path specified by the
|
||||||
|
`AWS_SHARED_CREDENTIALS_FILE` environment variable)
|
||||||
|
|
||||||
|
- `-aws-sts-endpoint` - STS endpoint to use for obtaining temporary credentials.
|
||||||
|
Default is to use the global STS endpoint.
|
||||||
|
|
||||||
- `-aws-s3-bucket` - S3 bucket to use. Required for S3 storage, and setting this
|
- `-aws-s3-bucket` - S3 bucket to use. Required for S3 storage, and setting this
|
||||||
disables local storage. This should be only the bucket name without any
|
disables local storage. This should be only the bucket name without any
|
||||||
part of the key prefix.
|
part of the key prefix.
|
||||||
|
@ -284,8 +304,8 @@ Note that despite the AWS references, any S3-compatible endpoint can be specifie
|
||||||
|
|
||||||
- `-aws-s3-region` - S3 region to use. Required for S3 storage.
|
- `-aws-s3-region` - S3 region to use. Required for S3 storage.
|
||||||
|
|
||||||
- `-aws-s3-endpoint` - Optional S3 endpoint to use. Can also be specified using the
|
- `-aws-s3-endpoint` - S3 endpoint to use. Can also be specified using the
|
||||||
AWS_S3_ENDPOINT environment variable.
|
`AWS_S3_ENDPOINT` environment variable. Defaults to the regional S3 endpoint.
|
||||||
|
|
||||||
- `-aws-s3-server-side-encryption` - Enables saving snapshots to S3 using server side encryption with [Amazon S3-Managed Encryption Keys](http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html)
|
- `-aws-s3-server-side-encryption` - Enables saving snapshots to S3 using server side encryption with [Amazon S3-Managed Encryption Keys](http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html)
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue