Adding an Amazon S3 deployment package store - PingAuthorize - 9.3

PingAuthorize 9.3


To use Amazon Simple Storage Service (S3) as your deployment package store, give the PingAuthorize server read access to your S3 bucket.

You must create an access key and accompanying secret key for your S3 bucket. See Setting up an Amazon S3 deployment package store for more information.
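
A read-only IAM policy that the access key above could be limited to, added here as an example and not taken from the PingAuthorize documentation. It assumes the server only needs to list and fetch objects under the configured prefix; `<bucket-name>` and `<bucket-prefix>` are placeholders for the same values entered in the store configuration.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ListDeploymentPackages",
      "Effect": "Allow",
      "Action": "s3:ListBucket",
      "Resource": "arn:aws:s3:::<bucket-name>",
      "Condition": {
        "StringLike": { "s3:prefix": "<bucket-prefix>*" }
      }
    },
    {
      "Sid": "ReadDeploymentPackages",
      "Effect": "Allow",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::<bucket-name>/<bucket-prefix>*"
    }
  ]
}
```

Attached to a dedicated IAM user whose access key is used only for this store, a policy like this keeps the credential held by PingAuthorize from writing to or deleting from the bucket.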

Use the administrative console or dsconfig to add the Amazon S3 deployment package store. If needed, review your existing S3 bucket configurations on the S3 dashboard of Amazon Web Services (AWS) Management Console.

Adding an Amazon S3 deployment package store using the administrative console

  1. In the administrative console, go to Configuration > Authorization and Policies > Deployment Package Stores.
  2. Click New Deployment Package Store.
  3. In the New Deployment Package Store menu, select S3 Deployment Package Store.
  4. Complete the General Configuration fields:
    1. In the Name field, enter a name for the deployment package store.
    2. In the Poll Interval field, enter a value in seconds for how often the Amazon S3 bucket should be polled for changes.
      Note: With a value of 0, updates occur only on restart.

    3. In the S3 Bucket Name field, enter the name of your Amazon S3 bucket as shown on your AWS services page.
    4. In the S3 Bucket Prefix field, enter your Amazon S3 bucket prefix.
    5. In the S3 Server Endpoint field, enter your Amazon S3 bucket AWS endpoint.
    6. In the S3 Region Name field, enter the AWS region for your S3 bucket.
    7. Next to the S3 Access Key ID field, click Set Value and enter the S3 Access Key ID for your S3 bucket.
    8. Enter the S3 Access Key ID value again to confirm and click OK.
      Note: Your access key value is not displayed after you enter it. The page still displays Set Value.

    9. Next to the S3 Secret Key field, click Set Value and enter the S3 Secret Key for your S3 bucket.
    10. Enter the value again to confirm and click OK.
      Note: Your secret key value is not displayed after you enter it. The page still displays Set Value.

  5. Optional: Complete the Policy Security fields.
    Note: If you select signed in the Deployment Package Security Level field, you must complete the Deployment Package Trust Store field.

  6. Click Save To PingAuthorize Server Cluster.

    Your Amazon S3 deployment package store is displayed on the Deployment Package Stores page.

Configure the PingAuthorize server to use embedded PDP mode with your deployment package store.

Adding an Amazon S3 deployment package store using dsconfig

Run dsconfig with the create-deployment-package-store option:
  • Create a store with an unsigned deployment package.
    dsconfig create-deployment-package-store \
      --store-name "<store-name>" \
      --type s3 \
      --set "poll-interval:<poll-interval>" \
      --set "s3-bucket-name:<bucket-name>" \
      --set "s3-bucket-prefix:<bucket-prefix>" \
      --set "s3-server-endpoint:<server-endpoint>" \
      --set "s3-region-name:<region-name>" \
      --set "s3-access-key-id:<access-key-id>" \
      --set "s3-secret-key:<secret-key>"
  • Create a store with deployment-package-security-level set to signed.
    dsconfig create-deployment-package-store \
      --store-name "<store-name>" \
      --type s3 \
      --set "poll-interval:<poll-interval>" \
      --set "deployment-package-security-level:signed" \
      --set "deployment-package-trust-store:<trust-store-provider-name>" \
      --set "deployment-package-verification-key-nickname:<key-nickname>" \
      --set "s3-bucket-name:<bucket-name>" \
      --set "s3-bucket-prefix:<bucket-prefix>" \
      --set "s3-server-endpoint:<server-endpoint>" \
      --set "s3-region-name:<region-name>" \
      --set "s3-access-key-id:<access-key-id>" \
      --set "s3-secret-key:<secret-key>"

Configure the PingAuthorize server to use embedded PDP mode with your deployment package store.