README ¶ S3 Consumer @startuml left to right direction allow_mixing package AWS as aws <<Rectangle>> { object "OIDC Provider" as oidc_provider object "Target Bucket" as target object "IAM Role" as iam_role } package "Kind Cluster" as kind <<Rectangle>> { object "S3 Consumer" as s3_consumer s3_consumer --() https : X.509 SVID object "SPIRE" as spire } iam_role --> target : Allow Access s3_consumer -r-> spire : Get X.509 and JWT SVID s3_consumer -u-> target : Get Object s3_consumer -u-> oidc_provider : JWT SVID oidc_provider -l-> iam_role : Identity Federation oidc_provider --> spire : Verify JWT SVID @enduml Name Description S3 Consumer Accesses the target bucket by exchanging a JWT SVID for temporary AWS Credentials, exposes an https interface using X.509 SVID SPIRE Mints X.509 and JWT SVIDs for the S3 Consumer OIDC Provider Verifies the provided JWT SVID and returns temporary credentials based on the identity mapping to IAM Role IAM Role Provides read access to the target bucket Target Bucket Holds the object(s) the S3 Consumer wants to access Expand ▾ Collapse ▴ Documentation ¶ There is no documentation for this package. Source Files ¶ View all Source files main.go Click to show internal directories. Click to hide internal directories.