gnodet commented on code in PR #14964:
URL: https://github.com/apache/camel/pull/14964#discussion_r1695288002


##########
docs/user-manual/modules/ROOT/pages/security.adoc:
##########
@@ -588,6 +588,65 @@ Note that `camel.vault.aws.secrets` is not mandatory: if 
not specified the task
 
 The only requirement is adding the camel-aws-secrets-manager jar to your Camel 
application.
 
+==== Automatic Camel context reloading on Secret Refresh while using AWS 
Secrets Manager with Eventbridge and AWS SQS Services
+
+There is also the possibility of using AWS Eventbridge in combination with AWS 
SQS Service.

Review Comment:
   Same wording that can be improved?



##########
components/camel-aws/camel-aws-secrets-manager/src/main/docs/aws-secrets-manager-component.adoc:
##########
@@ -270,6 +270,66 @@ where `camel.vault.aws.refreshEnabled` will enable the 
automatic context reload,
 
 Note that `camel.vault.aws.secrets` is not mandatory: if not specified the 
task responsible for checking updates events will take into accounts or the 
properties with an `aws:` prefix.
 
+=== Automatic Camel context reloading on Secret Refresh with Eventbridge and 
AWS SQS Services
+
+There is also the possibility of using AWS Eventbridge in combination with AWS 
SQS Service.
+
+The needed bits on the AWS side are the following:
+
+- You need to create an AWS Cloudtrail trail
+- You need to create an AWS SQS Queue
+- You need to create an Eventbridge rule of this kind
+
+[source,json]
+----
+{
+  "source": ["aws.secretsmanager"],
+  "detail-type": ["AWS API Call via CloudTrail"],
+  "detail": {
+    "eventSource": ["secretsmanager.amazonaws.com"]
+  }
+}
+----
+
+This rule will make the event related to AWS Secrets Manager filtered
+
+- You need to set the a Rule target to the AWS SQS Queue for Eventbridge rule
+
+- You need to give permission to the Eventbrige rule, to write on the above 
SQS Queue. For doing this you'll need to define a json file like this:
+
+[source,json]
+----
+{
+    "Policy": 
"{\"Version\":\"2012-10-17\",\"Id\":\"<queue_arn>/SQSDefaultPolicy\",\"Statement\":[{\"Sid\":
 \"EventsToMyQueue\", \"Effect\": \"Allow\", \"Principal\": {\"Service\": 
\"events.amazonaws.com\"}, \"Action\": \"sqs:SendMessage\", \"Resource\": 
\"<queue_arn>\", \"Condition\": {\"ArnEquals\": {\"aws:SourceArn\": 
\"<eventbridge_rule_arn>\"}}}]}"
+}
+----
+
+Change the values for queue_arn and eventbridge_rule_arn, save the file with 
policy.json name and run the following command with AWS CLI
+
+[source,bash]
+----
+aws sqs set-queue-attributes --queue-url <queue_url> --attributes 
file://policy.json
+----
+
+where queue_url is the AWS SQS Queue URL of the just created Queue.
+
+Now you should be able to set up the configuration on the Camel side. To 
enable the SQS notification add the following properties:
+
+[source,properties]
+----
+camel.vault.aws.refreshEnabled=true
+camel.vault.aws.refreshPeriod=60000
+camel.vault.aws.secrets=Secret
+camel.main.context-reload-enabled = true
+camel.vault.aws.useSqsNotification=true
+camel.vault.aws.sqsQueueUrl=<queue_url>
+----
+
+where queue_url is the AWS SQS Queue URL of the just created Queue.
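Review bot: the EventBridge pattern in this hunk has no `detail.eventName` filter, so every Secrets Manager API call recorded by CloudTrail, reads as well as writes, is forwarded to the queue rather than only secret updates; consider narrowing it, for example `"eventName": ["PutSecretValue", "UpdateSecret"]` under `detail`, and state in the text which events the Camel refresh task actually reacts to. The SQS policy correctly scopes `sqs:SendMessage` to the `events.amazonaws.com` principal with an `aws:SourceArn` condition on the rule ARN; say so explicitly, since readers who drop the condition would let any EventBridge rule in any account write to the queue. Smaller points: `Cloudtrail` and `Eventbrige` should read `CloudTrail` and `EventBridge`, `set the a Rule target` has a stray `a`, `This rule will make the event related to AWS Secrets Manager filtered` reads better as `This rule filters the events coming from AWS Secrets Manager`, and `camel.main.context-reload-enabled = true` has spaces around `=` unlike the other properties in the block.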

Review Comment:
   `<queue_url>`



##########
components/camel-aws/camel-aws-secrets-manager/src/main/docs/aws-secrets-manager-component.adoc:
##########
@@ -270,6 +270,66 @@ where `camel.vault.aws.refreshEnabled` will enable the 
automatic context reload,
 
 Note that `camel.vault.aws.secrets` is not mandatory: if not specified the 
task responsible for checking updates events will take into accounts or the 
properties with an `aws:` prefix.
 
+=== Automatic Camel context reloading on Secret Refresh with Eventbridge and 
AWS SQS Services
+
+There is also the possibility of using AWS Eventbridge in combination with AWS 
SQS Service.
+
+The needed bits on the AWS side are the following:
+
+- You need to create an AWS Cloudtrail trail
+- You need to create an AWS SQS Queue
+- You need to create an Eventbridge rule of this kind
+
+[source,json]
+----
+{
+  "source": ["aws.secretsmanager"],
+  "detail-type": ["AWS API Call via CloudTrail"],
+  "detail": {
+    "eventSource": ["secretsmanager.amazonaws.com"]
+  }
+}
+----
+
+This rule will make the event related to AWS Secrets Manager filtered
+
+- You need to set the a Rule target to the AWS SQS Queue for Eventbridge rule
+
+- You need to give permission to the Eventbrige rule, to write on the above 
SQS Queue. For doing this you'll need to define a json file like this:
+
+[source,json]
+----
+{
+    "Policy": 
"{\"Version\":\"2012-10-17\",\"Id\":\"<queue_arn>/SQSDefaultPolicy\",\"Statement\":[{\"Sid\":
 \"EventsToMyQueue\", \"Effect\": \"Allow\", \"Principal\": {\"Service\": 
\"events.amazonaws.com\"}, \"Action\": \"sqs:SendMessage\", \"Resource\": 
\"<queue_arn>\", \"Condition\": {\"ArnEquals\": {\"aws:SourceArn\": 
\"<eventbridge_rule_arn>\"}}}]}"
+}
+----
+
+Change the values for queue_arn and eventbridge_rule_arn, save the file with 
policy.json name and run the following command with AWS CLI
+
+[source,bash]
+----
+aws sqs set-queue-attributes --queue-url <queue_url> --attributes 
file://policy.json
+----
+
+where queue_url is the AWS SQS Queue URL of the just created Queue.
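Review bot: the policy in this hunk is shown only as a double-escaped string inside the `Policy` attribute, which is the shape `aws sqs set-queue-attributes --attributes file://policy.json` expects but is hard to read and easy to mistype; suggest showing the plain policy document first and then noting that the value of `Policy` must be that document serialized as a single JSON string. The prose placeholders `queue_arn` and `eventbridge_rule_arn` should use the same `<queue_arn>` and `<eventbridge_rule_arn>` form as the JSON, matching the `<queue_url>` point. The first bullet, `You need to create an AWS Cloudtrail trail`, would benefit from a short reason: EventBridge only delivers `AWS API Call via CloudTrail` events when a trail with logging enabled exists, so without it the rule never fires.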

Review Comment:
   `<queue_url>`



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
