chore(gateway): add notice for unsupported AWS credential provider (#8181)

* chore(gateway): add notice for unsupported AWS credential provider

* Apply suggestions from code review

Co-authored-by: lena-larionova <[email protected]>

---------

Co-authored-by: lena-larionova <[email protected]>
windmgc and lena-larionova authored Dec 2, 2024
1 parent b1f939e commit 51f4ac1
Showing 3 changed files with 10 additions and 0 deletions.
3 changes: 3 additions & 0 deletions app/_hub/kong-inc/aws-lambda/overview/_index.md
Expand Up @@ -60,6 +60,9 @@ precedence order:
- Fetch from the EKS [IAM roles for the service account](https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html).
- Fetch from the EC2 IMDS metadata. Both v1 and v2 are supported.

{:.note}
> **Note:** IAM Identity Center credential provider and Process credential provider are not supported.
If you also provide the `aws_assume_role_arn` option, the plugin will try to perform
an additional [AssumeRole](https://docs.aws.amazon.com/STS/latest/APIReference/API_AssumeRole.html)
action. This requires the Kong process to make a HTTPS request to the AWS STS service API after
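Review bot: the new `> **Note:**` line is followed directly by the `If you also provide the `aws_assume_role_arn` option` paragraph with no blank line between them, so kramdown will treat that paragraph as a lazy continuation of the blockquote and render the whole assume-role explanation inside the note callout. Add a blank line after the note line so the callout closes before the paragraph. It would also help readers to state what the plugin does when only one of these unsupported providers is configured, that is, whether it fails with an error or silently continues down the precedence list to the EC2 IMDS fallback.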
Expand Up @@ -36,6 +36,10 @@ Before you enable the AWS IAM authentication, you must configure your AWS RDS da

{:.warning}
> **Warning:** You **can't** change the value of the environment variables you used to provide the AWS credential after booting {{site.base_gateway}}. Any changes are ignored.
{:.note}
> **Note:** IAM Identity Center credential provider and Process credential provider are not supported.
{% if_version gte:3.4.x %}
{% unless page.release == "3.5.x" or page.release == "3.6.x" or page.release == "3.7.x" %}
- If you want to assume a role, make sure the original IAM role that Kong uses has the correct permission to assume the role of the target IAM role, and the target IAM role has the correct permission to connect to the database using IAM authentication.
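Review bot: the `{:.note}` line and the new `> **Note:**` line are inserted directly under the `> **Warning:**` blockquote with no blank line in between, so kramdown will read both the IAL and the note line as a continuation of the warning blockquote and the two notices will render as a single warning box. Put a blank line before `{:.note}` (and one after the note line, before the `{% if_version gte:3.4.x %}` tag) so the warning and the note become separate callouts, as they are in the other two files where a blank line precedes `{:.note}`.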
Expand Up @@ -15,6 +15,9 @@ To access secrets stored in the AWS Secrets Manager, {{site.base_gateway}} needs
- Fetch from an EKS [IAM roles for service account](https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts.html).
- Fetch from EC2 IMDS metadata. Both v1 and v2 are supported

{:.note}
> **Note:** IAM Identity Center credential provider and Process credential provider are not supported.
{{site.base_gateway}} also supports role assuming which allows you to use a different IAM role to fetch secrets from AWS Secrets Manager. This is a common practice in permission division and governance and cross-AWS account management.
{% endif_version %}
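Review bot: same missing blank line as in the other two files: the `> **Note:**` line is followed immediately by the `{{site.base_gateway}} also supports role assuming` paragraph, so that paragraph will be pulled into the note callout as a lazy blockquote continuation; add a blank line after the note. Since the identical sentence is now pasted into three documents, consider moving it into a shared include so that a future change (for example, when one of these providers becomes supported) is made in one place and the three pages cannot drift apart.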
