From 3d4f00a1d513d31f685acee176a2bb8d27922b60 Mon Sep 17 00:00:00 2001 From: aphorise Date: Mon, 15 Jul 2024 15:31:24 +0200 Subject: [PATCH] Docs: autosnapshots notes around AWS EKS & S3 configuration requirments (#27646) * Docs: autosnapshots notes around AWS EKS & S3 configuration requirments. * Docs: corrected autosnapshots notes around AWS EKS & S3 configuration requirments. * Update website/content/docs/enterprise/automated-integrated-storage-snapshots.mdx Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com> * Update website/content/api-docs/system/storage/raftautosnapshots.mdx Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com> --------- Co-authored-by: Sarah Chavis <62406755+schavis@users.noreply.github.com> --- .../api-docs/system/storage/raftautosnapshots.mdx | 10 ++++++++++ .../automated-integrated-storage-snapshots.mdx | 8 +++++--- 2 files changed, 15 insertions(+), 3 deletions(-) diff --git a/website/content/api-docs/system/storage/raftautosnapshots.mdx b/website/content/api-docs/system/storage/raftautosnapshots.mdx index 9973d0eb7a..5cf629593e 100644 --- a/website/content/api-docs/system/storage/raftautosnapshots.mdx +++ b/website/content/api-docs/system/storage/raftautosnapshots.mdx @@ -67,6 +67,16 @@ environment variables or files on disk in predefined locations. #### storage_type=aws-s3 + + +Vault cannot use AWS IAM roles with EKS service accounts for authentication to +save automated integrated storage snapshots to Amazon S3 buckets. You must set +the [`aws_access_key_id`](/vault/api-docs/system/storage/raftautosnapshots#aws_access_key_id) +and [`aws_secret_access_key`](/vault/api-docs/system/storage/raftautosnapshots#aws_secret_access_key) +parameters in the context of AWS EKS & S3 configuration. + + + - `aws_s3_bucket` `(string: )` - S3 bucket to write snapshots to. - `aws_s3_region` `(string: )` - AWS region bucket is in. diff --git a/website/content/docs/enterprise/automated-integrated-storage-snapshots.mdx b/website/content/docs/enterprise/automated-integrated-storage-snapshots.mdx index 20939ff4a7..13455e81e6 100644 --- a/website/content/docs/enterprise/automated-integrated-storage-snapshots.mdx +++ b/website/content/docs/enterprise/automated-integrated-storage-snapshots.mdx @@ -37,9 +37,11 @@ object store. -Currently, Vault does not allow the use of AWS IAM Roles for EKS Service -Accounts to authenticate to Amazon S3 buckets for the Automated Integrated -Storage Snapshots. +Vault cannot use AWS IAM roles with EKS service accounts for authentication to +save automated integrated storage snapshots to Amazon S3 buckets. You must set +the [`aws_access_key_id`](/vault/api-docs/system/storage/raftautosnapshots#aws_access_key_id) +and [`aws_secret_access_key`](/vault/api-docs/system/storage/raftautosnapshots#aws_secret_access_key) +parameters in the context of AWS EKS & S3 configuration.