@itentialopensource/adapter-amazon_route53 0.4.5 → 0.4.6

package/AUTH.md

@@ -36,35 +36,58 @@ you can leave all of the other properties in the authentication section, they wi
 ### AWS Security Token Service
 The Amazon Route53 adapter also supports AWS Security Token Service (STS) Authentication. For using this authentication, you need to use the calls in the Adapter that have the STSRole suffix on them and pass the STS information into the method.
 
+```json
+{
+  "RoleArn": "arn:aws:iam::1234567:role/my_role",
+  "RoleSessionName": "mySession"
+}
+```
+
+The AWS STS Authentication goes to the AWS STS Service endpoint in order to validate that the primary "service" account the adapter has authenticated with has the permission to assume the role. This call is made to sts.amazonaws.com or a regional sts sevice (e.g. sts.us-east-1.amazonaws.com). By default traffic to these endpoints will go out through the Internet. In the case where you would prefer these route through your network, it is possible to change the STS config for the adapter. The proxy field should point to the AWS loadbalancer or a proxy server that forwards to AWS STS. In Itential Cloud, this can be NAT'd to your network. In addition to this, you may need to set the endpoint in order to have the STS SSL certificate validated successfully. By default the adapter will use sts regional servers. If the loadbalancer and proxy are set up for that you should be fine. If however, they point to the global STS service (sts.amazonaws.com) You will need to set the global as the endpoint or the STS certificate will be rejected due to the hosts not matching.
+
+```json
+"authentication": {
+  "aws_sts": {
+    "endpoint": "<sts certificate endpoint>",
+    "proxy": "<proxy/loadbalancer ip>",
+  }
+}
+```
+
 ### AWS IAM Role
 The Amazon Route53 adapter also supports AWS IAM Role Authentication. For using this authentication, you need to use the calls in the Adapter that have the STSRole suffix on them and pass the RoleName into the method.
 
+```json
+"authentication": {
+  "auth_method": "aws_authentication",
+  "aws_iam_role": "role_arn"
+}
+```
+
 ### AMAZON STEPS FOR IAM ROLE
-Increase number of hops if running IAP inside of docker on EC2 instance
+Increase number of hops if running IAP inside of docker on an AWS instance
 ```bash
 aws sso login --profile aws-bota-1
 <export aws keys for CLI access>
 
-aws ec2 modify-instance-metadata-options  --instance-id i-0e150236026b7c45d  --http-put-response-hop-limit 3 --http-endpoint enabled --region us-east-1
+Amazon ec2 modify-instance-metadata-options  --instance-id i-0e150236026b7c45d  --http-put-response-hop-limit 3 --http-endpoint enabled --region us-east-1
 ```
 
 Create a new role and attach to it policies:
-- go to your EC2 instance, select it
+- go to your Route53 instance, select it
 - Actions->Security->Modify IAM Role
 - Click 'Create New IAM Role'
 - Create a role:
 ```text
 Trusted entity type: AWS service
-Use Case: EC2
+Use Case: Route53
 ```
 
-Add policies to the role
-- AmazonEC2FullAccess (Provides full access to Amazon EC2 via the AWS Management Console.)
-- AmazonRoute53FullAccess (Provides full access to all Amazon Route 53 via the AWS Management Console.)
+Add needed Route53 policies to the role
 
 Save the role
 
-Go back to your EC2 instance and Actions->Security->Modify IAM Role, associate newly created role with your EC2 instance
+Go back to Route53 and Actions->Security->Modify IAM Role, associate newly created role with your Route53 instance
 
 ### Troubleshooting
 - Make sure you copied over the correct access key, secret key and session token.

package/CHANGELOG.md

@@ -1,4 +1,12 @@
 
+## 0.4.6 [09-30-2024]
+
+* update auth docs
+
+See merge request itentialopensource/adapters/adapter-amazon_route53!22
+
+---
+
 ## 0.4.5 [09-12-2024]
 
 * add properties for sts

package/TAB2.md

@@ -47,35 +47,58 @@ you can leave all of the other properties in the authentication section, they wi
 #### AWS Security Token Service
 The Amazon Route53 adapter also supports AWS Security Token Service (STS) Authentication. For using this authentication, you need to use the calls in the Adapter that have the STSRole suffix on them and pass the STS information into the method.
 
+```json
+{
+  "RoleArn": "arn:aws:iam::1234567:role/my_role",
+  "RoleSessionName": "mySession"
+}
+```
+
+The AWS STS Authentication goes to the AWS STS Service endpoint in order to validate that the primary "service" account the adapter has authenticated with has the permission to assume the role. This call is made to sts.amazonaws.com or a regional sts sevice (e.g. sts.us-east-1.amazonaws.com). By default traffic to these endpoints will go out through the Internet. In the case where you would prefer these route through your network, it is possible to change the STS config for the adapter. The proxy field should point to the AWS loadbalancer or a proxy server that forwards to AWS STS. In Itential Cloud, this can be NAT'd to your network. In addition to this, you may need to set the endpoint in order to have the STS SSL certificate validated successfully. By default the adapter will use sts regional servers. If the loadbalancer and proxy are set up for that you should be fine. If however, they point to the global STS service (sts.amazonaws.com) You will need to set the global as the endpoint or the STS certificate will be rejected due to the hosts not matching.
+
+```json
+"authentication": {
+  "aws_sts": {
+    "endpoint": "<sts certificate endpoint>",
+    "proxy": "<proxy/loadbalancer ip>",
+  }
+}
+```
+
 #### AWS IAM Role
 The Amazon Route53 adapter also supports AWS IAM Role Authentication. For using this authentication, you need to use the calls in the Adapter that have the STSRole suffix on them and pass the RoleName into the method.
 
+```json
+"authentication": {
+  "auth_method": "aws_authentication",
+  "aws_iam_role": "role_arn"
+}
+```
+
 #### AMAZON STEPS FOR IAM ROLE
-Increase number of hops if running IAP inside of docker on EC2 instance
+Increase number of hops if running IAP inside of docker on an AWS instance
 ```bash
 aws sso login --profile aws-bota-1
 <export aws keys for CLI access>
 
-aws ec2 modify-instance-metadata-options  --instance-id i-0e150236026b7c45d  --http-put-response-hop-limit 3 --http-endpoint enabled --region us-east-1
+Amazon ec2 modify-instance-metadata-options  --instance-id i-0e150236026b7c45d  --http-put-response-hop-limit 3 --http-endpoint enabled --region us-east-1
 ```
 
 Create a new role and attach to it policies:
-- go to your EC2 instance, select it
+- go to your Route53 instance, select it
 - Actions->Security->Modify IAM Role
 - Click 'Create New IAM Role'
 - Create a role:
 ```text
 Trusted entity type: AWS service
-Use Case: EC2
+Use Case: Route53
 ```
 
-Add policies to the role
-- AmazonEC2FullAccess (Provides full access to Amazon EC2 via the AWS Management Console.)
-- AmazonRoute53FullAccess (Provides full access to all Amazon Route 53 via the AWS Management Console.)
+Add needed Route53 policies to the role
 
 Save the role
 
-Go back to your EC2 instance and Actions->Security->Modify IAM Role, associate newly created role with your EC2 instance
+Go back to Route53 and Actions->Security->Modify IAM Role, associate newly created role with your Route53 instance
 
 #### Troubleshooting
 - Make sure you copied over the correct access key, secret key and session token.

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@itentialopensource/adapter-amazon_route53",
-  "version": "0.4.5",
+  "version": "0.4.6",
   "description": "This adapter integrates with system described as: Amazon Route53.",
   "main": "adapter.js",
   "systemName": "Amazon AWS Route53",

package/report/adapterInfo.json

@@ -1,5 +1,5 @@
 {
-  "version": "0.4.4",
+  "version": "0.4.5",
   "configLines": 9935,
   "scriptLines": 1783,
   "codeLines": 9292,