AWS S3
Type: bindings.aws.s3
Status: stable
Reference: https://docs.dapr.io/reference/components-reference/supported-bindings/s3/
Example
apiVersion: cra.diagrid.io/v1beta1
kind: Component
metadata:
name: <name>
spec:
type: bindings.aws.s3
version: v1
metadata:
# AWS access key associated with an IAM account (Optional)
#- name: accessKey
# value: "AKIAIOSFODNN7EXAMPLE"
# This maintains backwards compatibility with existing fields. It will be deprecated as of Dapr 1.17. Use 'region' instead. The AWS Region where the AWS resource is deployed to. (Optional)
#- name: awsRegion
# value: "us-east-1"
# The AWS Region where the AWS resource is deployed to. This will be marked required in Dapr 1.17. (Optional)
#- name: region
# value: "us-east-1"
# The secret key associated with the access key (Optional)
#- name: secretKey
# value: "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
# AWS session token to use. A session token is only required if you are using temporary security credentials. (Optional)
#- name: sessionToken
# value: "TOKEN"
# The name of the S3 bucket to write to.
- name: bucket
value: "bucket"
# Configuration to decode base64 file content before saving to bucket storage. (In case of saving a file with binary content). (Optional)
#- name: decodeBase64
# value: "false"
# Allows to connect to non-`https://` endpoints. (Optional)
#- name: disableSSL
# value: "false"
# Configuration to encode base64 file content before returning the content. (In case of opening a file with binary content). (Optional)
#- name: encodeBase64
# value: "false"
# AWS endpoint for the component to use, to connect to S3-compatible services or emulators. Do not use this when running against production AWS. (Optional)
#- name: endpoint
# value: "http://mycompany.com:4566"
# Currently Amazon S3 SDK supports virtual-hosted-style and path-style access. When false (the default), uses virtual-hosted-style format, i.e.: `https://<your bucket>.<endpoint>/<key>`. When true, uses path-style format, i.e.: `https://<endpoint>/<your bucket>/<key>`. (Optional)
#- name: forcePathStyle
# value: "false"
# When connecting to `https://` endpoints, accepts self-signed or invalid certificates. (Optional)
#- name: insecureSSL
# value: "false"
Binding information
Input Binding: no
Output Binding: yes
Output Binding operations:
-
create: Create blob -
get: Get blob -
delete: Delete blob -
list: List blob
Authentication profiles
Available authentication profiles:
-
AWS: Access Key ID and Secret Access Key
-
AWS: Assume IAM Role
-
AWS: IAM Roles Anywhere
AWS: Access Key ID and Secret Access Key
Authenticate using an Access Key ID and Secret Access Key included in the metadata
accessKey
AWS access key associated with an IAM account
Example value: AKIAIOSFODNN7EXAMPLE
awsRegion (string)
This maintains backwards compatibility with existing fields. It will be deprecated as of Dapr 1.17. Use 'region' instead. The AWS Region where the AWS resource is deployed to.
Example value: us-east-1
region (string)
The AWS Region where the AWS resource is deployed to. This will be marked required in Dapr 1.17.
Example value: us-east-1
secretKey
The secret key associated with the access key
Example value: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
sessionToken (string)
AWS session token to use. A session token is only required if you are using temporary security credentials.
Example value: TOKEN
AWS: Assume IAM Role
Assume a specific IAM role. Note: This is only supported for Kafka and PostgreSQL.
region (string)
Required - The AWS Region where the AWS resource is deployed to.
Example value: us-east-1
assumeRoleArn (string)
IAM role that has access to AWS resource. This is another option to authenticate with MSK and RDS Aurora aside from the AWS Credentials. This will be marked required in Dapr 1.17.
Example value: arn:aws:iam::123456789:role/mskRole
sessionName (string)
The session name for assuming a role.
Default value: DaprDefaultSession
Example value: MyAppSession
AWS: IAM Roles Anywhere
Use AWS IAM Roles Anywhere to establish trust between your AWS account and Diagrid.
assumeRoleArn
Required - ARN of the AWS IAM role to assume in the trusting AWS account.
Example value: arn:aws:iam:012345678910:role/exampleIAMRoleName
trustAnchorArn
Required - ARN of the AWS Trust Anchor in the AWS account granting trust to the Dapr Certificate Authority.
Example value: arn:aws:rolesanywhere:us-west-1:012345678910:trust-anchor/01234568-0123-0123-0123-012345678901
trustProfileArn
Required - ARN of the AWS IAM Profile in the trusting AWS account.
Example value: arn:aws:rolesanywhere:us-west-1:012345678910:profile/01234568-0123-0123-0123-012345678901
Metadata
bucket (string)
Required - The name of the S3 bucket to write to.
Example value: bucket
decodeBase64 (bool)
Configuration to decode base64 file content before saving to bucket storage. (In case of saving a file with binary content).
Default value: false
Example value: true, false
disableSSL (bool)
Allows to connect to non-https:// endpoints.
Default value: false
Example value: true, false
encodeBase64 (bool)
Configuration to encode base64 file content before returning the content. (In case of opening a file with binary content).
Default value: false
Example value: true, false
endpoint (string)
AWS endpoint for the component to use, to connect to S3-compatible services or emulators. Do not use this when running against production AWS.
Example value: http://mycompany.com:4566
forcePathStyle (bool)
Currently Amazon S3 SDK supports virtual-hosted-style and path-style access. When false (the default), uses virtual-hosted-style format, i.e.: https://<your bucket>.<endpoint>/<key>. When true, uses path-style format, i.e.: https://<endpoint>/<your bucket>/<key>.
Default value: false
Example value: true, false
insecureSSL (bool)
When connecting to https:// endpoints, accepts self-signed or invalid certificates.
Default value: false
Example value: true, false