PingAuthorize

Adding an Amazon S3 deployment package store to PingAuthorize

To use Amazon Simple Storage Service (S3) as your deployment package store, add read access for your S3 bucket to the PingAuthorize server.

Before you begin

You must create an access key and accompanying secret key for your S3 bucket. See Setting up an Amazon S3 deployment package store for more information.

About this task

Use the administrative console or dsconfig to add the Amazon S3 deployment package store. If needed, review your existing S3 bucket configurations on the S3 dashboard of Amazon Web Services (AWS) Management Console.

  • Administrative console

  • Dsconfig

Adding an Amazon S3 deployment package store using the administrative console

Steps

  1. In the administrative console, go to Configuration → Authorization and Policies → Deployment Package Stores.

  2. Click New Deployment Package Store.

  3. In the New Deployment Package Store menu, select S3 Deployment Package Store.

  4. Complete the General Configuration fields:

    1. In the Name field, enter a name for the deployment package store.

    2. In the Poll Interval field, enter a value in seconds for how often the Amazon S3 bucket should be polled for changes.

      A value of 0 only updates on restart.

    3. In the S3 Bucket Name field, enter the name of your Amazon S3 bucket as shown on your AWS services page.

    4. In the S3 Bucket Prefix field, enter your Amazon S3 bucket prefix.

    5. In the S3 Server Endpoint field, enter your Amazon S3 bucket AWS endpoint.

    6. In the S3 Region Name field, enter the AWS region for your S3 bucket.

    7. Next to the S3 Access Key ID field, click Set Value and enter the S3 Access Key ID for your S3 bucket.

    8. Enter the S3 Access Key ID value again to confirm and click OK.

      Your access key value is not displayed after you enter it. The page still displays Set Value.

    9. Next to the S3 Secret Key field, click Set Value and enter the S3 Secret Key for your S3 bucket.

    10. Enter the value again to confirm and click OK.

      Your secret key value is not displayed after you enter it. The page still displays Set Value.

  5. Optional: Complete the Policy Security fields.

    If you select signed in the Deployment Package Security Level field, you must complete the Deployment Package Trust Store field.

  6. Click Save To PingAuthorize Server Cluster.

    Result:

    Your Amazon S3 deployment package store is displayed on the Deployment Package Stores page.


Adding an Amazon S3 deployment package store using dsconfig

Steps

  • Run dsconfig with the create-deployment-package-store option:

    Choose from:

    • Create a store with an unsigned deployment package.

      dsconfig create-deployment-package-store \
        --store-name "<store-name>" \
        --type s3 \
        --set "poll-interval:<poll-interval>" \
        --set "s3-bucket-name:<bucket-name>" \
        --set "s3-bucket-prefix:<bucket-prefix>" \
        --set "s3-server-endpoint:<server-endpoint>" \
        --set "s3-region-name:<region-name>" \
        --set "s3-access-key-id:<access-key-id>" \
        --set "s3-secret-key:<secret-key>"

    • Create a store with deployment-package-security-level set to signed.

      dsconfig create-deployment-package-store \
        --store-name "<store-name>" \
        --type s3 \
        --set "poll-interval:<poll-interval>" \
        --set deployment-package-security-level:signed \
        --set "deployment-package-trust-store:<trust-store-provider-name>" \
        --set "deployment-package-verification-key-nickname:<key-nickname>" \
        --set "s3-bucket-name:<bucket-name>" \
        --set "s3-bucket-prefix:<bucket-prefix>" \
        --set "s3-server-endpoint:<server-endpoint>" \
        --set "s3-region-name:<region-name>" \
        --set "s3-access-key-id:<access-key-id>" \
        --set "s3-secret-key:<secret-key>"
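
The commands above pass s3-secret-key as a command-line argument, where it can end up in shell history and process listings. As an added example (not part of the PingAuthorize documentation and not Ping Identity's code), the following shell function writes the unsigned-store command as a single line in a new owner-only file for use with dsconfig --batch-file. The environment variable names are hypothetical, the example treats every value as required, and it assumes a batch-file line takes the same subcommand and arguments as the command line.

```shell
#!/bin/sh
# Added example, not Ping Identity's code. The environment variable names are
# hypothetical; the dsconfig property names are the ones shown on this page.

# Reject empty values and characters that would break a quoted argument.
safe_value() {
  case "$1" in
    '' | *'"'* | *'\'* | *'
'*) return 1 ;;
  esac
}

# write_s3_store_batch OUTFILE
# Writes one create-deployment-package-store line to a new owner-only file.
write_s3_store_batch() {
  out=$1
  case "$POLL_INTERVAL" in
    '' | *[!0-9]*) echo "poll interval must be whole seconds" >&2; return 1 ;;
  esac
  for v in "$STORE_NAME" "$S3_BUCKET" "$S3_PREFIX" "$S3_ENDPOINT" \
           "$S3_REGION" "$S3_ACCESS_KEY_ID" "$S3_SECRET_KEY"; do
    safe_value "$v" || { echo "empty or unsafe value" >&2; return 1; }
  done
  (
    umask 077  # new file is readable and writable by its owner only
    set -C     # noclobber: fail instead of reusing an existing, looser file
    {
      printf 'dsconfig create-deployment-package-store'
      printf ' --store-name "%s" --type s3' "$STORE_NAME"
      printf ' --set "poll-interval:%s"' "$POLL_INTERVAL"
      printf ' --set "s3-bucket-name:%s"' "$S3_BUCKET"
      printf ' --set "s3-bucket-prefix:%s"' "$S3_PREFIX"
      printf ' --set "s3-server-endpoint:%s"' "$S3_ENDPOINT"
      printf ' --set "s3-region-name:%s"' "$S3_REGION"
      printf ' --set "s3-access-key-id:%s"' "$S3_ACCESS_KEY_ID"
      printf ' --set "s3-secret-key:%s"\n' "$S3_SECRET_KEY"
    } > "$out"
  )
}

# Typical use: set the variables from a secrets manager or a prompt, call
# write_s3_store_batch store.dsconfig, run dsconfig with --no-prompt and
# --batch-file store.dsconfig plus your usual connection arguments, then
# delete store.dsconfig.
```

For a signed store, add the three deployment-package properties from the second command on this page to the generated line in the same way.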
