creates tabs, adds minio support

pull/4708/head
Robin Beck 2 years ago
parent 64a0ea9111
commit a1e6bd95ec

@ -19,12 +19,17 @@ For more information about using session recording to audit user sessions, refer
### Create a storage bucket
Complete the following steps to create a storage bucket in Boundary for session recording:
Select a storage provider.
<Tabs>
<Tab heading="Amazon S3">
Complete the following steps to create a storage bucket in Boundary.
<Tabs>
<Tab heading="CLI">
The required fields for creating a storage bucket vary depending on whether you configured the AWS S3 bucket with static or dynamic credentials:
The required fields for creating a storage bucket depend on whether you configured the Amazon S3 bucket with static or dynamic credentials:
<Tabs>
<Tab heading="Static credentials">
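Review bot: The Amazon S3 tab in this hunk opens a second `<Tabs>` for CLI/UI, which then holds a third for static/dynamic credentials, so a reader has to make three tab selections before reaching a command. Check that the three levels render and deep-link correctly, or flatten one level. Also, if "Complete the following steps to create a storage bucket in Boundary for session recording:" stays above the provider tabs, it ends in a colon but is followed by "Select a storage provider." and is then repeated inside the tab. Keep only one of the two.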
@ -65,11 +70,11 @@ The required fields for creating a storage bucket vary depending on whether you
```shell-session
$ boundary storage-buckets create \
-bucket-name mybucket1 \
-bucket-name mys3bucket \
-plugin-name aws \
-worker-filter “dev” in “/tags/type” \
-attributes {“region”:”us-east-1”,”disable_credential_rotation”:true,"role_arn":"arn:aws:iam::123456789012:role/S3Access"} \
-scope-id o_1234567890
-scope-id o_1234567890 \
-worker-filter “s3” in “/tags/type” \
-attributes {“region”:”us-east-1”,”disable_credential_rotation”:true,"role_arn":"arn:aws:iam::123456789012:role/S3Access"}
```
Replace the values above with the following required AWS secrets and any optional [attributes](/boundary/docs/concepts/domain-model/storage-buckets) you want to associate with the Boundary storage bucket:
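Review bot: The `-worker-filter “s3” in “/tags/type”` and `-attributes {…}` lines in this command use typographic quotes and are not quoted for the shell, and the `-attributes` JSON mixes curly and straight quotes, so the example fails when pasted. Wrap both values in single quotes with straight double quotes inside, as the MinIO example later in this commit does with `-worker-filter '"minio" in "/tags/type"'`. Since the command sets `disable_credential_rotation` to true, a sentence on what that means for the lifetime of the supplied credentials would help readers of the list that follows.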
@ -99,18 +104,19 @@ The required fields for creating a storage bucket vary depending on whether you
<Tab heading="UI">
1. Log in to Boundary.
1. Select **Storage Buckets** in the navigation bar.
1. Select **New Storage Bucket**.
1. Click **Storage Buckets** in the navigation bar.
1. Click **New Storage Bucket**.
1. Complete the following fields to create the Boundary storage bucket:
- **Name**: (Optional) The name field is optional, but if you enter a name it must be unique.
- **Description**: (Optional) An optional description of the Boundary storage bucket for identification purposes.
- **Scope**: (Required) A storage bucket can belong to the Global scope or an Org scope.
It can only associated with targets from the scope it belongs to.
- **Provider**: (Required) The external storage bucket provider.
- **Bucket name**: (Required) Name of the AWS bucket you want to associate with the Boundary storage bucket.
- **Bucket prefix**: (Optional) A base path where session recordings are stored.
- **Region**: (Required) The AWS region to use.
- **Credential type**: (Required) The type of credential you want to use to authenticate to the external storage.
The required fields for creating a storage bucket vary depending on whether you configured the AWS S3 bucket with static or dynamic credentials:
The required fields for creating a storage bucket vary depending on whether you configured the Amazon S3 bucket with static or dynamic credentials:
- **Static**: Authenticates to the storage bucket using an access key that AWS generates.
- **Dynamic**: Authenticates to the storage bucket using credentials that were generated by AWS `AssumeRole`.
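Review bot: The **Credential type** sentence in this hunk still reads "vary depending on whether you configured the Amazon S3 bucket", while the CLI tab in the first hunk was changed to "depend on", so the same sentence now has two wordings on one page. Pick one. The **Scope** item also reads "It can only associated with targets"; it is missing "be". The Select-to-Click change is fine as long as it is applied to every step in the file.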
@ -146,7 +152,77 @@ The required fields for creating a storage bucket vary depending on whether you
</Tab>
</Tabs>
1. Select **Save**.
1. Click **Save**.
</Tab>
</Tabs>
</Tab>
<Tab heading="MinIO">
Complete the following steps to create a storage bucket in Boundary.
<Tabs>
<Tab heading="CLI">
<Note>
MinIO requires a service account to set up a Boundary storage bucket. Refer to the [Configure MinIO](/boundary/docs/configuration/session-recording/storage-providers/configure-minio#minio-requirements) page to learn more.
</Note>
1. Log in to Boundary.
1. Use the following command to create a storage bucket in Boundary:
```shell-session
$ boundary storage-buckets create \
-bucket-name myminiobucket \
-plugin-name minio \
-scope-id o_1234567890 \
-bucket-prefix="foo/bar/zoo" \
-worker-filter '"minio" in "/tags/type"' \
-attr endpoint_url="https://my-minio-instance.dev/s3-api" \
-attr region="REGION" \
-attr disable_credential_rotation=true \
-secret access_key_id="KEY" \
-secret secret_access_key="SECRET"
```
Replace the values above with the following required secrets and any optional [attributes](/boundary/docs/concepts/domain-model/storage-buckets) you want to associate with the Boundary storage bucket:
- `endpoint_url` (Required): Fully-qualified endpoint pointing to a MinIO S3 API.
- `bucket-name`: (Required) Name of the MinIO bucket you want to associate with the Boundary storage bucket.
- `region`: (Optional) The region to configure the storage bucket for.
- `worker-filter`: (Required) A filter that indicates which Boundary workers have access to the storage. The filter must match an existing worker in order to create a Boundary storage bucket.
- `disable_credential_rotation`: (Optional) Controls whether the plugin will rotate the incoming credentials and manage a new MinIO service account. If this attribute is set to `false`, or not provided, the plugin will rotate the incoming credentials to create a new MinIO service account, then delete the incoming credentials.
This option must be set to `true` if you use dynamic credentials.
- `access_key_id` (Required): The MinIO service account's access key to use with this storage bucket.
- `secret_access_key` (Required): The MinIO service account's secret key to use with this storage bucket.
</Tab>
<Tab heading="UI">
1. Log in to Boundary.
1. Click **Storage Buckets** in the navigation bar.
1. Click **New Storage Bucket**.
1. Complete the following fields to create the Boundary storage bucket:
- **Name**: (Optional) The name field is optional, but if you enter a name it must be unique.
- **Description**: (Optional) An optional description of the Boundary storage bucket for identification purposes.
- **Scope**: (Required) A storage bucket can belong to the Global scope or an Org scope.
It can only associated with targets from the scope it belongs to.
- **Provider**: (Required) The external storage bucket provider.
- **Endpoint URL**: (Required) The fully-qualified endpoint pointing to a MinIO S3 API.
- **Bucket name**: (Required) Name of the AWS bucket you want to associate with the Boundary storage bucket.
- **Region**: (Optional) The region to configure the storage bucket for.
- **Access key ID** (Required): The MinIO service account's access key to use with this storage bucket.
- **Secret access key** (Required): The MinIO service account's secret key to use with this storage bucket.
- **Worker filter**: (Required) A filter that indicates which Boundary workers have access to the storage. The filter must match an existing worker in order to create a Boundary storage bucket.
- **Disable credential rotation**: (Optional) Controls whether the plugin will rotate the incoming credentials and manage a new MinIO service account. If this attribute is set to false, or not provided, the plugin will rotate the incoming credentials, using them to create a new MinIO service account, then delete the incoming credentials.
1. Click **Save**.
</Tab>
</Tabs>
</Tab>
</Tabs>
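Review bot: The MinIO CLI example passes the service account credentials as literal arguments (`-secret access_key_id="KEY"`, `-secret secret_access_key="SECRET"`), which places them in shell history and in the process list on a shared host. Show the values being read from an environment variable or a file instead (the CLI's `env://` and `file://` value references, if they apply to `-secret` here), or at least state that KEY and SECRET are placeholders that should not be typed inline. Other points in this hunk: the UI tab's **Bucket name** says "Name of the AWS bucket" and should say MinIO; "This option must be set to `true` if you use dynamic credentials" appears to be carried over from the S3 text, since this tab describes only a service account key pair; `-bucket-prefix` is used in the command but is missing from both field lists; "It can only associated with targets" is missing "be"; and the "(Required)" marker sits before the colon on some items and after it on others.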
