From c8eb6f32bdd868c7f8dfb670560633da388fc91d Mon Sep 17 00:00:00 2001 From: JatinderSingh Date: Tue, 8 Apr 2025 11:19:13 -0700 Subject: [PATCH] update Service account details --- docs/Config.md | 26 ++++++++++++++++++++++++++ docs/Service-Account.md | 28 ++++++++++++++++++++++++++++ mkdocs.yml | 5 +++-- 3 files changed, 57 insertions(+), 2 deletions(-) create mode 100644 docs/Service-Account.md diff --git a/docs/Config.md b/docs/Config.md index 6f33e03..8193149 100644 --- a/docs/Config.md +++ b/docs/Config.md @@ -68,6 +68,32 @@ This mode is generally recommended for systems where you expect to use COMS at a }, ``` +Basic Auth can also be used where machine-to-machine API access is required. This can be set by enabling the s3AccessMode in the configuration, which is enabled by default on all COMS environments. This setup is suitable for service-level account access. + +```sh +"basicAuth": { + "enabled": “true", # note: to disable, delete this environment variable + "s3AccessMode": "true", + + "password": "" +}, +``` + +In this case, storage credentials provided by the optimization teams are used to grant access. The following are used as user and password: + +```sh +accesskeyid +accesskeysecret +``` + +Additional request params: bucket and endpoint must be provided in the request headers using the following key-value pairs: + +```sh +x-amz-bucket: +x-amz-endpoint: +``` + ### Full This mode is generally recommended for systems that need both user level and administrative level access to objects. This grants the full suite of functionality COMS offers, but care must be taken to ensure that access to objects is done securely from your line of business application. diff --git a/docs/Service-Account.md b/docs/Service-Account.md new file mode 100644 index 0000000..e79895e --- /dev/null +++ b/docs/Service-Account.md @@ -0,0 +1,28 @@ +## Service Account API access** + +Service account feature for COMS can be enabled by setting s3AccessMode enabled in configuration, it allows automated systems or services to securely interact with the COMS environment using access keys for authentication. Below are the steps for configuring and utilizing s3AccessMode. + +### Credentials + +For M2M API access, the storage credentials are used to authenticate API requests. These credentials consist of an Access Key ID and Access Key Secret, which are essential for machine-to-machine communication. + +#### Service Account Credentials: +**accesskeyid:*** The unique identifier for the service account. + +**accesskeysecret:** The associated secret key for the service account. + +#### Set Request Headers and Parameters + +With s3AccessMode enabled, the M2M communication requires specific headers to authenticate and provide access correctly. + +**Headers to Include**: + +***x-amz-bucket:*** The name of the bucket being accessed by the service account. + +***x-amz-endpoint:*** The endpoint to which the request is directed. + +### Security Considerations + +* **Store Credentials Securely**: Ensure the accesskeyid and accesskeysecret are stored securely, such as in environment variables or a secure credential vault, to prevent unauthorized access. + +* **Use HTTPS**: Make sure that all API requests are made over HTTPS to protect sensitive data during transmission. \ No newline at end of file diff --git a/mkdocs.yml b/mkdocs.yml index 896dc59..04963e8 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -13,12 +13,13 @@ markdown_extensions: nav: - Introduction: index.md - API User Guide: - - Authentication: Authentication.md + - Authentication: Authentication.md - Endpoint Notes: Endpoint-Notes.md - Permissions: Permissions.md - Metadata and Tags: Metadata-Tag.md - Managing buckets: Buckets.md - - Synchronization: Synchronization.md + - Service Account: Service-Account.md + - Synchronization: Synchronization.md - Use-Case Examples: Use-Case-Examples.md - Deployment Guide: - Self-Hosting COMS: Self-Hosting-COMS.md