Closed krisstanton closed 1 year ago
Changed this for future deployments (see code commit)
The Change on live server went like this: Doing the Rapid disable
To rapidly disable the dispensing of S3 credentials, in the deployment's DistributionApiEndpoints lambda, set the DISABLE_S3_CREDENTIALS environment variable to true. This can be done via the AWS console or AWS CLI. If this variable is set, the S3 credentials endpoint will not dispense credentials and will instead return a message stating that the endpoint has been disabled.
AWS 5982 (NGAP PROD account). (The one that needed to be changed) --> us-west-2 --> Lambda --> DistributionApiEndpoints --> Configuration Tab (In the middle) --> Environment Variables (Below the tabs, on the left pane, in the middle of the left pane) --> Edit --> "Add environment variable" --> Added 'DISABLE_S3_CREDENTIALS' 'true' --> Clicked Save
For reference: The end point that would give credentials back after authenticating would be: https://data.csda.earthdata.nasa.gov/s3credentials
Update:
It turns out that the parameter deploy_s3_credentials_endpoint
is only defined in the legacy module called distribution
. We are not using that module, so there is actually no infrastructure deployed to support the s3_credentials endpoint.
This means that effectively, this endpoint will never function to serve credentials.
No code changes needed.
[x] Do the "rapid disable" endpoint option ASAP. "The Cumulus distribution API /s3credentials endpoint documentation is here. The /s3credentials endpoint will redirect to EDL for authentication and upon successful authentication return the S3 credentials."
[x] Code changes to Update Cumulus Distribution API for all future deployments
Reference URL: https://nasa.github.io/cumulus-distribution-api/#temporary-s3-credentials