[ 
https://issues.apache.org/jira/browse/CAMEL-12907?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16668253#comment-16668253
 ] 

Andrea Cosentino commented on CAMEL-12907:
------------------------------------------

It's not completely clear, to be honest. You have the possibility of defining 
the client as you want: it's there for this kind of situation. If we start 
creating options for corner-case or specific user case, we'll end to create 
only mess in the component.

> AWS S3 assume role based access
> -------------------------------
>
>                 Key: CAMEL-12907
>                 URL: https://issues.apache.org/jira/browse/CAMEL-12907
>             Project: Camel
>          Issue Type: New Feature
>          Components: camel-aws
>            Reporter: VINEET GANDHI
>            Assignee: Andrea Cosentino
>            Priority: Major
>         Attachments: awsS3.xml
>
>
> We have a springboot application where camel context is initialized. Now we 
> have a rest endpoint which takes xml routes and add to context.
> Now, for a route consisting of an S3 endpoint, we need to pass Access Key and 
> Secret Key for S3 access in component URI parameters but this is static in 
> nature and will not solve our problem.
> So, another way provided by camel is to pass an S3 client as URI parameter 
> which can be used for AWS S3 access. Now, this S3 client first needs to be 
> created and added to the camel registry from where it can be referred by 
> camel context.
> But, as per our architecture, we can't create this S3 client as part of the 
> application. If we use this approach then we will have to create a whole new 
> DSL in application which will take some AWS parameters and create and S3 
> client for us.
> Instead, what we want is that camel should provide a way to pass some URI 
> parameters(in our case - Role ARN) to S3 component, which internally will 
> generate an S3 client and use it for S3 access. So, in short we don't want to 
> create our own DSL for this purpose but want camel to support this feature.
> Note: We know that camel internally supports creation of a client using the 
> role assigned to the machine where camel is running. This works only when we 
> have S3 bucket in the same AWS account where camel us running. But, if we 
> want to access a cross account S3 bucket then we can't use this feature. 
> We'll have to create our own client.
> Note 2: For a client assuming an AWS IAM role 
>     1. client first needs to have permission to assume this role
>     2. the role should add this particular client in its trust relationship
> Catch: For enabling camel to support Role ARN as URI parameter for S3 
> component so that camel can internally create an S3 client, camel still needs 
> some AWS credentials to assume this role. Now, camel doesn't have any AWS 
> credentials set up internally, so we need to pass some credentials which can 
> be used to assume the role we want to assume. That brings us to the same 
> problem which we were trying to overcome in the first place.
>  



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to