]
Bela Ban resolved JGRP-1235.
----------------------------
Resolution: Done
S3_PING: Allow Use of Pre-Signed URLs When Writing to Buckets
-------------------------------------------------------------
Key: JGRP-1235
URL:
https://jira.jboss.org/browse/JGRP-1235
Project: JGroups
Issue Type: Feature Request
Reporter: Benjamin Browning
Assignee: Bela Ban
Fix For: 2.10.1, 2.11
Allowing pre-signed urls when writing and deleting from buckets will give us real write
security without having to store AWS credentials in the config file. For this approach to
work, buckets will need to be publicly readable and the user or their automated system
will need to generate pre-signed urls for each node in the cluster.
An example of the config entry:
<S3_PING
pre_signed_put_url="http://s3.amazonaws.com/ben-test/DemoCluster/thi...
pre_signed_delete_url="http://s3.amazonaws.com/ben-test/DemoCluster/...
timeout="2000"
num_initial_members="3"/>
The pre-signed urls need to be generated with no headers except "x-amz-acl"
with a value of "public-read" for the PUT url. It would be a good idea to add
some utility code to S3_Ping to generate these urls.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: