AWS Plugin for HashiCorp Boundary
This repo contains the aws plugin for HashiCorp
Boundary.
Credential Rotation
Although credentials are stored encrypted within Boundary, by default this
plugin will attempt to rotate credentials when they are supplied through the
secrets
object. The given credentials will be used to create a new credential,
and then the given credential will be revoked. In this way, after rotation,
only Boundary knows the client secret in use by this plugin.
Credential rotation can be turned off by setting the
disable_credential_rotation
attribute to true
.
Dynamic Hosts
This plugin supports dynamically sourcing hosts from Amazon EC2.
Host sets created with this plugin define filters which select and group like
instances within AWS; these host sets can in turn be added to targets within
Boundary as host sources.
At creation, update or deletion of a host catalog of this type, configuration of the
plugin is performed via the attribute/secret values passed to the create, update, or
delete calls actions. The values passed in to the plugin here are the attributes set
on on a host catalog in boundary.
The plugin fetches hosts through the
DescribeInstances
call.
Getting Started
Storage Bucket
This plugin supports storing and fetching objects from Amazon S3.
Files created with this plugin are stored as objects defined by the bucket
name and bucket prefix values configured in the storage bucket resource;
these storage bucket resources can in turn be associated to targets within
Boundary.
At creation, update or deletion of a storage bucket of this type, configuration of the
plugin is performed via the attribute/secret values passed to the create, update, or
delete calls actions. The values passed in to the plugin here are the attributes set
on on a storage bucket in boundary.
The plugin fetches files through the
GetObject
call.
The plugin stores files through the
PutObject
call.
The plugin fetches metadata about the files through the
HeadObject
call.
Getting Started