PingAuthorize

Adding an Amazon S3 deployment package store to PingAuthorize

To use Amazon Simple Storage Service (S3) as your deployment package store, add read access for your S3 bucket to the PingAuthorize Server.

Use the admin console or dsconfig to add the Amazon S3 deployment package store. If necessary, review your existing S3 bucket configurations on the S3 dashboard in the Amazon Web Services (AWS) Management Console.

Before you begin

You must create an access key and accompanying secret key for your S3 bucket. Learn more in Configuring the IAM user.

Steps (admin console)

  1. In the PingAuthorize admin console, go to Configuration > Authorization and Policies > Deployment Package Stores.

  2. Click New Deployment Package Store.

  3. In the New Deployment Package Store modal, select S3 Deployment Package Store.

  4. Complete the General Configuration:

    1. Enter a Name for the deployment package store.

    2. In the Poll Interval field, enter a value, in seconds, for how often the Amazon S3 bucket should be polled for changes.

      If you set the poll interval to 0, the server won’t scan for new packages after initializing the store. The server will only load new deployment packages on restart.

    3. In the S3 Bucket Name field, enter the name of your Amazon S3 bucket as shown on the AWS services page.

    4. In the S3 Bucket Prefix field, enter the S3 bucket prefix.

    5. In the S3 Server Endpoint field, enter the S3 bucket endpoint.

    6. In the S3 Region Name field, enter the AWS region for the S3 bucket.

    7. Next to the S3 Access Key ID field, click Set Value and enter the S3 access key ID you copied in Configuring the IAM user.

    8. Enter the S3 access key ID value again to confirm and click OK.

      Your access key value isn’t displayed after you enter it. The page still displays Set Value.

    9. Next to the S3 Secret Key field, click Set Value and enter the S3 secret key you copied in Configuring the IAM user.

    10. Enter the S3 secret key value again to confirm and click OK.

      Your secret key value isn’t displayed after you enter it. The page still displays Set Value.

  5. If your S3 bucket uses a legacy path-style URL, select the Enabled checkbox under S3 Use Path Style Access.

    Starting with PingAuthorize 11.0, the PingAuthorize Server expects virtual-hosted-style URLs by default when connecting to Amazon S3.

    Learn more in Virtual hosting of general purpose buckets in the Amazon S3 documentation.

  6. (Optional) Complete the Policy Security configuration.

    If you select Signed in the Deployment Package Security Level list, you must select a Deployment Package Trust Store.

  7. Click Save.

    Result:

    Your Amazon S3 deployment package store is displayed on the Deployment Package Stores page.

Steps (dsconfig)

  • To create an Amazon S3 deployment package store, use the dsconfig create-deployment-package-store command with the following arguments:

    | Argument | Required | Description |
    |---|---|---|
    | --type <type> | Required | Set to s3. |
    | --store-name <store-name> | Required | Specifies a unique name for the configuration object. |
    | --set poll-interval:"<poll-interval>" | Required | Specifies how often, in seconds, the PingAuthorize Server scans the deployment package store for new deployment packages. If you set the poll interval to 0, the server won’t scan for new packages after initializing the store. The server will only load new deployment packages on restart. |
    | --set s3-bucket-name:<bucket-name> | Required | Specifies the name of the S3 bucket in AWS. |
    | --set s3-bucket-prefix:<bucket-prefix> | Required | Specifies the prefix value for the S3 bucket. |
    | --set s3-server-endpoint:<server-endpoint> | Optional | Specifies the S3 service endpoint. |
    | --set s3-region-name:<server-region> | Optional | Specifies the AWS region for the S3 bucket. |
    | --set s3-access-key-id:<access-key-id> | Optional | Specifies the access key ID used to authenticate to the S3 bucket. |
    | --set s3-secret-key:<secret-key> | Optional | Specifies the secret key used to authenticate to the S3 bucket. |
    | --set s3-use-path-style-access:true | Optional | Enables legacy S3 path-style access. Defaults to false. Starting with PingAuthorize 11.0, the PingAuthorize Server uses virtual-hosted-style URLs by default when connecting to Amazon S3. Learn more in Virtual hosting of general purpose buckets in the Amazon S3 documentation. |
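
The dsconfig arguments listed above, assembled by a small shell helper that keeps the S3 credentials out of its own command line and writes the result to an owner-only file. This is an added example, not part of the PingAuthorize documentation: the function names, the S3_ACCESS_KEY_ID and S3_SECRET_KEY environment variables, the both-or-neither credential check and all sample values are assumptions, and s3-server-endpoint is left out for brevity.

```shell
#!/bin/sh
# Added example, not PingAuthorize code. Values in the last line are constructed.

# build_s3_store_cmd NAME POLL BUCKET PREFIX [REGION] [PATH_STYLE]
# Prints one create-deployment-package-store line using the documented arguments.
# Credentials are read from S3_ACCESS_KEY_ID / S3_SECRET_KEY, not from argv.
build_s3_store_cmd() {
    name=$1 poll=$2 bucket=$3 prefix=$4 region=${5:-} path_style=${6:-false}

    # Arguments marked Required (--type is fixed to s3 below).
    for v in "$name" "$poll" "$bucket" "$prefix"; do
        [ -n "$v" ] || { echo "missing required argument" >&2; return 2; }
    done
    # poll-interval is in seconds; 0 means packages load only at server start.
    case $poll in
        *[!0-9]*) echo "poll-interval must be a non-negative integer" >&2; return 2 ;;
    esac

    cmd="create-deployment-package-store --type s3 --store-name \"$name\""
    cmd="$cmd --set poll-interval:\"$poll\""
    cmd="$cmd --set s3-bucket-name:$bucket --set s3-bucket-prefix:$prefix"
    if [ -n "$region" ]; then cmd="$cmd --set s3-region-name:$region"; fi

    # This example's own check: a key ID without its secret (or the reverse) is rejected.
    if [ -n "${S3_ACCESS_KEY_ID:-}" ] || [ -n "${S3_SECRET_KEY:-}" ]; then
        if [ -z "${S3_ACCESS_KEY_ID:-}" ] || [ -z "${S3_SECRET_KEY:-}" ]; then
            echo "set both S3_ACCESS_KEY_ID and S3_SECRET_KEY, or neither" >&2; return 2
        fi
        cmd="$cmd --set s3-access-key-id:$S3_ACCESS_KEY_ID --set s3-secret-key:$S3_SECRET_KEY"
    fi
    # Only needed for buckets that still use legacy path-style URLs.
    if [ "$path_style" = true ]; then cmd="$cmd --set s3-use-path-style-access:true"; fi
    printf '%s\n' "$cmd"
}

# write_batch_file PATH ARGS...
# Saves the line to an owner-only (0600) file, for use with dsconfig's batch-file mode.
write_batch_file() {
    out=$1; shift
    line=$(build_s3_store_cmd "$@") || return
    ( umask 077; rm -f "$out"; printf '%s\n' "$line" > "$out" )
}

# Constructed sample values; prints the line without credentials if none are set.
build_s3_store_cmd "example-s3-store" 60 example-bucket policies/ us-east-1
```

Delete the batch file once the store is created, since it holds the secret key in clear text.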

Next steps