package envoy.extensions.common.aws.v3

Get desktop application:
View/edit binary Protocol Buffers messages

Configuration to use `AssumeRoleWithWebIdentity <https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRoleWithWebIdentity.html>`_ to retrieve AWS credentials.

Used in: AwsCredentialProvider

optional config.core.v3.DataSource web_identity_token_data_source = 1
Data source for a web identity token that is provided by the identity provider to assume the role. When using this data source, even if a ``watched_directory`` is provided, the token file will only be re-read when the credentials returned from AssumeRoleWithWebIdentity expire.
string role_arn = 2
The ARN of the role to assume.
string role_session_name = 3
Optional role session name to use in AssumeRoleWithWebIdentity API call.

Configuration for AWS credential provider. This is optional and the credentials are normally retrieved from the environment or AWS configuration files by following the default credential provider chain. However, this configuration can be used to override the default behavior.

Used in: filters.http.aws_request_signing.v3.AwsRequestSigning

optional AssumeRoleWithWebIdentityCredentialProvider assume_role_with_web_identity_provider = 1
The option to use `AssumeRoleWithWebIdentity <https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRoleWithWebIdentity.html>`_.
optional InlineCredentialProvider inline_credential = 2
The option to use an inline credential. If inline credential is provided, no chain will be created and only the inline credential will be used.
optional CredentialsFileCredentialProvider credentials_file_provider = 3
The option to specify parameters for credential retrieval from an envoy data source, such as a file in AWS credential format.
bool custom_credential_provider_chain = 4
Create a custom credential provider chain instead of the default credential provider chain. If set to TRUE, the credential provider chain that is created contains only those set in this credential provider message. If set to FALSE, the settings provided here will act as modifiers to the default credential provider chain. Defaults to FALSE. This has no effect if inline_credential is provided.

Used in: AwsCredentialProvider

optional config.core.v3.DataSource credentials_data_source = 1
Data source from which to retrieve AWS credentials When using this data source, if a ``watched_directory`` is provided, the credential file will be re-read when a file move is detected. See :ref:`watched_directory <envoy_v3_api_msg_config.core.v3.DataSource>` for more information about the ``watched_directory`` field.
string profile = 2
The profile within the credentials_file data source. If not provided, the default profile will be used.

Configuration to use an inline AWS credential. This is an equivalent to setting the well-known environment variables ``AWS_ACCESS_KEY_ID``, ``AWS_SECRET_ACCESS_KEY``, and the optional ``AWS_SESSION_TOKEN``.

Used in: AwsCredentialProvider

string access_key_id = 1
The AWS access key ID.
string secret_access_key = 2
The AWS secret access key.
string session_token = 3
The AWS session token. This is optional.

package envoy.extensions.common.aws.v3

message AssumeRoleWithWebIdentityCredentialProvider

optional config.core.v3.DataSource web_identity_token_data_source = 1

string role_arn = 2

string role_session_name = 3

message AwsCredentialProvider

optional AssumeRoleWithWebIdentityCredentialProvider assume_role_with_web_identity_provider = 1

optional InlineCredentialProvider inline_credential = 2

optional CredentialsFileCredentialProvider credentials_file_provider = 3

bool custom_credential_provider_chain = 4

message CredentialsFileCredentialProvider

optional config.core.v3.DataSource credentials_data_source = 1

string profile = 2

message InlineCredentialProvider

string access_key_id = 1

string secret_access_key = 2

string session_token = 3