From f1eb9a171af660b67a006b43f5dea2f5c67b105a Mon Sep 17 00:00:00 2001 From: Pankaj Date: Sat, 27 Apr 2024 11:31:46 +0530 Subject: [PATCH] Update Hashicorp AWS assume role auth docs --- .../secrets-backends/hashicorp-vault.rst | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/docs/apache-airflow-providers-hashicorp/secrets-backends/hashicorp-vault.rst b/docs/apache-airflow-providers-hashicorp/secrets-backends/hashicorp-vault.rst index 3227b0ef58dea..6d0a5393b1651 100644 --- a/docs/apache-airflow-providers-hashicorp/secrets-backends/hashicorp-vault.rst +++ b/docs/apache-airflow-providers-hashicorp/secrets-backends/hashicorp-vault.rst @@ -220,14 +220,15 @@ Add "verify": "absolute path to ca-certificate file" Vault authentication with AWS Assume Role STS """"""""""""""""""""""""""""""""""""""""""""" -Add parameter "role_arn": "The AWS ARN of the role to assume" +Add parameter "assume_role_kwargs": "The AWS STS assume role auth parameter dict" + +For more details, please refer to the AWS Assume Role Authentication documentation: https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/sts/client/assume_role.html .. code-block:: ini [secrets] backend = airflow.providers.hashicorp.secrets.vault.VaultBackend - backend_kwargs = {"connections_path": "airflow-connections", "variables_path": null, "mount_point": "airflow", "url": "http://127.0.0.1:8200", "auth_type": "aws_iam", "role_arn": "arn:aws:iam::123456789000:role/hashicorp-aws-iam-role"} - + backend_kwargs = {"connections_path": "airflow-connections", "variables_path": null, "mount_point": "airflow", "url": "http://127.0.0.1:8200", "auth_type": "aws_iam", "assume_role_kwargs": {"arn:aws:iam::123456789000:role/hashicorp-aws-iam-role", "RoleSessionName": "Airflow"}} Using multiple mount points """""""""""""""""""""""""""