[ https://issues.apache.org/jira/browse/CAMEL-12907?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16668253#comment-16668253 ]
Andrea Cosentino commented on CAMEL-12907: ------------------------------------------ It's not completely clear, to be honest. You have the possibility of defining the client as you want: it's there for this kind of situation. If we start creating options for corner-case or specific user case, we'll end to create only mess in the component. > AWS S3 assume role based access > ------------------------------- > > Key: CAMEL-12907 > URL: https://issues.apache.org/jira/browse/CAMEL-12907 > Project: Camel > Issue Type: New Feature > Components: camel-aws > Reporter: VINEET GANDHI > Assignee: Andrea Cosentino > Priority: Major > Attachments: awsS3.xml > > > We have a springboot application where camel context is initialized. Now we > have a rest endpoint which takes xml routes and add to context. > Now, for a route consisting of an S3 endpoint, we need to pass Access Key and > Secret Key for S3 access in component URI parameters but this is static in > nature and will not solve our problem. > So, another way provided by camel is to pass an S3 client as URI parameter > which can be used for AWS S3 access. Now, this S3 client first needs to be > created and added to the camel registry from where it can be referred by > camel context. > But, as per our architecture, we can't create this S3 client as part of the > application. If we use this approach then we will have to create a whole new > DSL in application which will take some AWS parameters and create and S3 > client for us. > Instead, what we want is that camel should provide a way to pass some URI > parameters(in our case - Role ARN) to S3 component, which internally will > generate an S3 client and use it for S3 access. So, in short we don't want to > create our own DSL for this purpose but want camel to support this feature. > Note: We know that camel internally supports creation of a client using the > role assigned to the machine where camel is running. This works only when we > have S3 bucket in the same AWS account where camel us running. But, if we > want to access a cross account S3 bucket then we can't use this feature. > We'll have to create our own client. > Note 2: For a client assuming an AWS IAM role > 1. client first needs to have permission to assume this role > 2. the role should add this particular client in its trust relationship > Catch: For enabling camel to support Role ARN as URI parameter for S3 > component so that camel can internally create an S3 client, camel still needs > some AWS credentials to assume this role. Now, camel doesn't have any AWS > credentials set up internally, so we need to pass some credentials which can > be used to assume the role we want to assume. That brings us to the same > problem which we were trying to overcome in the first place. > -- This message was sent by Atlassian JIRA (v7.6.3#76005)