diff --git a/content/docs/2.20/authentication-providers/aws-parameter-store.md b/content/docs/2.20/authentication-providers/aws-parameter-store.md new file mode 100644 index 000000000..8364e1b71 --- /dev/null +++ b/content/docs/2.20/authentication-providers/aws-parameter-store.md 
@@ -0,0 +1,40 @@ ++++ +title = "AWS Systems Manager Parameter Store" ++++ + +You can integrate AWS Systems Manager Parameter Store parameters into your trigger by configuring the `awsParameterStore` key in your KEDA scaling specification. + +The `podIdentity` section configures the usage of AWS pod identity with the provider set to AWS. + +The `credentials` section specifies AWS credentials, including the `accessKey` and `secretAccessKey`. + +- **accessKey:** Configuration for the AWS access key. +- **secretAccessKey:** Configuration for the AWS secret access key. + +The `region` parameter is optional and represents the AWS region where the parameter resides, defaulting to the default region if not specified. + +The `parameters` list within `awsParameterStore` defines the mapping between the AWS Parameter Store parameter and the authentication parameter used in your application, including the parameter name, AWS Parameter Store parameter name, and an optional `withDecryption` flag to decrypt SecureString parameters. + +### Configuration + +```yaml +awsParameterStore: + podIdentity: # Optional. + provider: aws # Required. + credentials: # Optional. + accessKey: # Required. + valueFrom: # Required. + secretKeyRef: # Required. + name: {k8s-secret-with-aws-credentials} # Required. + key: {key-in-k8s-secret} # Required. + accessSecretKey: # Required. + valueFrom: # Required. + secretKeyRef: # Required. + name: {k8s-secret-with-aws-credentials} # Required. + key: {key-in-k8s-secret} # Required. + region: {aws-region} # Optional. + parameters: # Required. + - parameter: {param-name-used-for-auth} # Required. + name: {aws-parameter-name} # Required. + withDecryption: true # Optional. Default: true +``` diff --git a/content/docs/2.20/concepts/authentication.md b/content/docs/2.20/concepts/authentication.md index a6eec106d..06f6d5650 100644 --- a/content/docs/2.20/concepts/authentication.md +++ b/content/docs/2.20/concepts/authentication.md 
@@ -161,6 +161,25 @@ spec: name: {aws-secret-name} # Required. version: {aws-secret-version} # Optional. secretKey: {aws-secret-key} # Optional. + awsParameterStore: # Optional. + podIdentity: # Optional. + provider: aws # Required. + credentials: # Optional. + accessKey: # Required. + valueFrom: # Required. + secretKeyRef: # Required. + name: {k8s-secret-with-aws-credentials} # Required. + key: AWS_ACCESS_KEY_ID # Required. + accessSecretKey: # Required. + valueFrom: # Required. + secretKeyRef: # Required. + name: {k8s-secret-with-aws-credentials} # Required. + key: AWS_SECRET_ACCESS_KEY # Required. + region: {aws-region} # Optional. + parameters: # Required. + - parameter: {param-name-used-for-auth} # Required. + name: {aws-parameter-name} # Required. + withDecryption: true # Optional. Default: true gcpSecretManager: # Optional. secrets: # Required. - parameter: {param-name-used-for-auth} # Required. 
@@ -442,6 +461,43 @@ awsSecretManager: secretKey: {aws-secret-key} # Optional. ``` +### AWS Systems Manager Parameter Store + +You can integrate AWS Systems Manager Parameter Store parameters into your trigger by configuring the `awsParameterStore` key in your KEDA scaling specification. + +The `podIdentity` section configures the usage of AWS pod identity with the provider set to AWS. + +The `credentials` section specifies AWS credentials, including the `accessKey` and `secretAccessKey`. + +- **accessKey:** Configuration for the AWS access key. +- **secretAccessKey:** Configuration for the AWS secret access key. + +The `region` parameter is optional and represents the AWS region where the parameter resides, defaulting to the default region if not specified. + +The `parameters` list within `awsParameterStore` defines the mapping between the AWS Parameter Store parameter and the authentication parameter used in your application, including the parameter name, AWS Parameter Store parameter name, and an optional `withDecryption` flag to decrypt SecureString parameters. + +```yaml +awsParameterStore: + podIdentity: # Optional. + provider: aws # Required. + credentials: # Optional. + accessKey: # Required. + valueFrom: # Required. + secretKeyRef: # Required. + name: {k8s-secret-with-aws-credentials} # Required. + key: AWS_ACCESS_KEY_ID # Required. + accessSecretKey: # Required. + valueFrom: # Required. + secretKeyRef: # Required. + name: {k8s-secret-with-aws-credentials} # Required. + key: AWS_SECRET_ACCESS_KEY # Required. + region: {aws-region} # Optional. + parameters: # Required. + - parameter: {param-name-used-for-auth} # Required. + name: {aws-parameter-name} # Required. + withDecryption: true # Optional. 
Default: true +``` + #### AWS Pod Identity Webhook for AWS [**AWS IAM Roles for Service Accounts (IRSA) Pod Identity Webhook**](https://github.com/aws/amazon-eks-pod-identity-webhook) ([documentation](https://aws.amazon.com/blogs/opensource/introducing-fine-grained-iam-roles-service-accounts/)) allows you to provide the role name using an annotation on a service account associated with your pod.
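Review bot: In the new aws-parameter-store.md, the prose names the second credential field `secretAccessKey` (in the `credentials` sentence and in its bullet), but the YAML under Configuration uses `accessSecretKey`. A reader who follows the prose will write a key the sample does not show. Make the text and the YAML agree on whichever name the schema accepts.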
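Review bot: In the spec example added to concepts/authentication.md (hunk at -161), the two `secretKeyRef` entries use the literal keys `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY`, while the same block in the new aws-parameter-store.md uses the placeholder `{key-in-k8s-secret}`. Use the placeholder here too, or state that these names are only an example, so readers do not assume the Kubernetes secret must use exactly those key names.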
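Review bot: In the Parameter Store section added to concepts/authentication.md (hunk at -442), the `region` sentence says the value is "defaulting to the default region if not specified", which is circular and does not tell the reader where that default comes from. State the source of the default. The section also marks both `podIdentity` and `credentials` as Optional without saying which one applies when both are set or what happens when neither is, and its prose says `secretAccessKey` where the YAML below it says `accessSecretKey`.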