From a913ed9e6b6336fe79df827cc5a1ec2289864ea5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jo=C3=A3o=20Martins?= Date: Wed, 10 Jul 2024 10:22:04 +0100 Subject: [PATCH] add proxy sigv4 plugin documentation (#1325) * proxy-sigv4 plugin * lint * requested changes * not relative link --- content/docs/docs-nav.yaml | 13 ++-- .../docs/integrations/proxy-sigv4/index.md | 62 +++++++++++++++++++ cypress.config.js | 6 +- 3 files changed, 72 insertions(+), 9 deletions(-) create mode 100644 content/docs/integrations/proxy-sigv4/index.md diff --git a/content/docs/docs-nav.yaml b/content/docs/docs-nav.yaml index 53ac8eb30..157a834d5 100644 --- a/content/docs/docs-nav.yaml +++ b/content/docs/docs-nav.yaml @@ -8,13 +8,13 @@ nav: - Getting started: - Overview: '/docs/getting-started/overview/' - Setting up your catalog: - - Adding to your catalog: '/docs/getting-started/adding-a-catalog-item/' - - Enable autodiscovery: '/docs/getting-started/autodiscovery/' - - Modelling your software: '/docs/getting-started/model-software/' + - Adding to your catalog: '/docs/getting-started/adding-a-catalog-item/' + - Enable autodiscovery: '/docs/getting-started/autodiscovery/' + - Modelling your software: '/docs/getting-started/model-software/' - Adding users: - - Inviting users: '/docs/getting-started/user-management/' - - Designating admins: '/docs/getting-started/create-admin-group/' - - Modelling Users and Groups: '/docs/getting-started/teams/' + - Inviting users: '/docs/getting-started/user-management/' + - Designating admins: '/docs/getting-started/create-admin-group/' + - Modelling Users and Groups: '/docs/getting-started/teams/' - Adding plugins: '/docs/getting-started/configuring-backstage-plugins/' - Customising the Roadie UI: '/docs/getting-started/configure-ui/' - Creating a scorecard: '/docs/getting-started/creating-a-scorecard/' @@ -53,6 +53,7 @@ nav: - Opsgenie: '/docs/integrations/opsgenie/' - PagerDuty: '/docs/integrations/pagerduty/' - Prometheus: '/docs/integrations/prometheus/' + - Proxy AWS Sigv4: '/docs/integrations/proxy-sigv4/' - Pulumi: '/docs/integrations/pulumi/' - Sentry: '/docs/integrations/sentry/' - Shortcut: '/docs/integrations/shortcut-plugin/' diff --git a/content/docs/integrations/proxy-sigv4/index.md b/content/docs/integrations/proxy-sigv4/index.md new file mode 100644 index 000000000..ad84025ec --- /dev/null +++ b/content/docs/integrations/proxy-sigv4/index.md @@ -0,0 +1,62 @@ +--- +title: Proxy Sigv4 Plugin +publishedDate: '2024-06-08T12:00:00.0Z' +description: How to configure Roadie to use AWS Signature Version 4 for proxying requests to and from AWS services + +humanName: Proxy AWS Sigv4 +logoImage: '../../../assets/logos/aws/Amazon_Web_Services_Logo.png' +integrationType: OSS plugin +--- + +## Introduction + +The Proxy Sigv4 plugin is essential for securely signing requests to AWS services using the Sigv4 signing process. + +This guide explains how to set up and configure the Proxy Sigv4 plugin in your Backstage environment to ensure your requests to AWS services are properly authenticated. + +## Step 1: Get the roadie IAM details + +Navigate to `Administration > Settings > Plugins > Proxy (Sigv4)` and make a note of the Roadie backend role ARN and account ID. This is mentioned on the Role Arn field of the Proxy Sigv4 plugin settings page. + +## Step 2: Create a federated role in your account for Roadie + +Follow the steps [here](/docs/details/accessing-aws-resources) to create the role. + +The role needs to follow this naming convention `arn:aws:iam::*:role/-roadie-` where matches your organisation's name used in the url of your Roadie instance. + +You'll need to set a trusted relantionship in your new role so that Roadie can assume it. And then attach any permission policy that you need to the role. + +
+ +Trusted relantionships in your new role + +```json +{ + "Version": "2012-10-17", + "Statement": [ + { + "Effect": "Allow", + "Principal": { + "AWS": "arn:aws:iam:::root" + }, + "Action": "sts:AssumeRole", + "Condition": {} + } + ] +} +``` + +
+ +## Step 3: Configure your Roadie instance to use the new role + +On the AWS S3 settings page `Administration > Settings > Plugins > Proxy (Sigv4)` in Roadie click `Add Item` and enter the newly created +role ARN, the `path` you want the proxy to be available on and the `target` for your AWS resource. + +example: `/s3` +will be available on `https:///api/proxy-sigv4/s3` + +After the role configuration is done, you can click the 'Test Role' button to check if integration configuration has succeeded. + +Please ensure there is a trusted relationship with allows the created role to be assumed. +For more information please visit: [Accessing AWS Resources](/docs/details/accessing-aws-resources) diff --git a/cypress.config.js b/cypress.config.js index 55f24a66a..a02320f01 100644 --- a/cypress.config.js +++ b/cypress.config.js @@ -1,10 +1,10 @@ -const { defineConfig } = require('cypress') +const { defineConfig } = require('cypress'); module.exports = defineConfig({ e2e: { setupNodeEvents(on, config) { - return require('./cypress/plugins/index.js')(on, config) + return require('./cypress/plugins/index.js')(on, config); }, baseUrl: 'http://localhost:8001', }, -}) +});