github.com/Jeffail/benthos/v3@v3.65.0/website/docs/guides/cloud/aws.md (about)

---
title: Amazon Web Services
description: Find out about AWS components in Benthos
---

There are many components within Benthos which utilise AWS services. You will find that each of these components contains a configuration section under the field `credentials`, of the format:

```yml
credentials:
  profile: ""
  id: ""
  secret: ""
  token: ""
  role: ""
  role_external_id: ""
```

This section contains many fields and it isn't immediately clear which of them are compulsory and which aren't. This document aims to make it clear what each field is responsible for and how it might be used.

### None of these fields are compulsory

The first thing to make clear is that _all_ of these fields are optional. When all fields are left blank, Benthos will attempt to load credentials from a shared credentials file (`~/.aws/credentials`). The profile loaded will be `default` unless the `AWS_PROFILE` environment variable is set.

## Explicit Credentials

By explicitly setting the credentials you are using at the component level, it's possible to connect to components using different accounts within the same Benthos process.

### Selecting a Profile

If you are using your shared credentials file but wish to explicitly select a profile, set the `profile` field:

```yml
credentials:
  profile: foo
```

### Manual

If you are using long term credentials for your account, you only need to set the fields `id` and `secret`:

```yml
credentials:
  id: foo     # aws_access_key_id
  secret: bar # aws_secret_access_key
```

If you are using short term credentials, then you will also need to set the field `token`:

```yml
credentials:
  id: foo     # aws_access_key_id
  secret: bar # aws_secret_access_key
  token: baz  # aws_session_token
```

## Assuming a Role

It's also possible to configure Benthos to [assume a role][assuming-role] using your credentials by setting the field `role` to your target role ARN.

```yml
credentials:
  role: fooarn # Role ARN
```

This does NOT require explicit credentials, but it's possible to use both.

If you need to assume a role owned by another organisation, they might require you to [provide an external ID][role-external-id], in which case place it in the field `role_external_id`:

```yml
credentials:
  role: fooarn # Role ARN
  role_external_id: bar_id
```

[temporary-creds]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html
[assuming-role]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use.html
[role-external-id]: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html
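
The following config is an added example, not part of the original Benthos documentation, combining the cases above: two components in one process using different accounts, one with short term credentials and one assuming a cross-organisation role. The queue URL, bucket, account IDs, role ARN, profile name and environment variable names are constructed placeholders, and it assumes the `aws_sqs` input, the `aws_s3` output and Benthos' `${VAR}` environment variable interpolation, none of which are described on this page.

```yml
# Added example: every name, URL, ARN and ID below is a constructed placeholder.
input:
  aws_sqs:
    url: https://sqs.eu-west-1.amazonaws.com/111111111111/source-queue
    region: eu-west-1
    credentials:
      # Short term credentials for the first account. The values are read
      # from the environment at startup so that no key material is written
      # into the config file or committed alongside it.
      id: "${SRC_AWS_ACCESS_KEY_ID}"
      secret: "${SRC_AWS_SECRET_ACCESS_KEY}"
      token: "${SRC_AWS_SESSION_TOKEN}"

output:
  aws_s3:
    bucket: partner-archive
    path: 'events/${!timestamp_unix_nano()}.json'
    region: eu-west-1
    credentials:
      # Base credentials come from the `partner` profile in
      # ~/.aws/credentials (assumed to exist). They are used only to assume
      # the role below, which is owned by another organisation and therefore
      # carries the external ID that organisation issued.
      profile: partner
      role: arn:aws:iam::222222222222:role/example-benthos-writer
      role_external_id: "${PARTNER_EXTERNAL_ID}"
```

Because each component resolves its own `credentials` block, the permissions granted to the source account and to the assumed role can each be scoped to the single queue or bucket that component touches.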