The AWS Secure Token Service (STS) returns temporary credentials for authenticating users to access specific resources. These credentials can be used to perform S3 requests.
In the case of s3gw, we don't rely on AWS STS. Instead, we support issuing the tokens themselves, to be used on s3gw itself.
Support for STS already exists in RGW in the form of STS (docs) and STS Lite (docs).
We will need to assess which approach is most adequate to our purposes, as a standalone S3 service, and in which scenarios each STS implementation shines.
Even if assuming there's no SFS-specific effort involved, we will still have to support STS in the UI, and associated QA and documentation efforts will need to exist.
jecluis
commented
1 year ago
Description
The AWS Secure Token Service (STS) returns temporary credentials for authenticating users to access specific resources. These credentials can be used to perform S3 requests.
In the case of s3gw, we don't rely on AWS STS. Instead, we support issuing the tokens themselves, to be used on s3gw itself.
Support for STS already exists in RGW in the form of STS (docs) and STS Lite (docs).
We will need to assess which approach is most adequate to our purposes, as a standalone S3 service, and in which scenarios each STS implementation shines.
Even if assuming there's no SFS-specific effort involved, we will still have to support STS in the UI, and associated QA and documentation efforts will need to exist.
Success criteria
More information
Tasks