Consolidate AWS authentication documentation into dedicated reference #353
lava wants to merge 4 commits into
The Amazon integration overview duplicated most of the AWS IAM partial that ships with every AWS operator. Promote the shared content to a new "AWS Authentication" reference page, slim the partial to a schema plus a link, and add a local-usage section covering the AWS CLI and named profiles. Redirect the old overview URL to the new location.
Reintroduce the Amazon integration overview as a short catalog of supported services with pointers to each integration page and the shared authentication reference, without re-duplicating the auth content.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 3c166b3c01
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
| The `web_identity` option supports three token sources: | ||
|
|
||
| - **`token_file`**: Path to a file containing the JWT token. This is standard | ||
| for Kubernetes workload identity (EKS, AKS, GKE) where the platform mounts | ||
| a service account token into the pod. | ||
| - **`token_endpoint`**: Configuration for fetching tokens from an HTTP | ||
| endpoint. Contains `url`, optional `headers`, and optional `path` for JSON | ||
| extraction. Use this for Azure IMDS or similar metadata services. |
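Review bot: The `token_endpoint` bullet describes `path` only as "for JSON extraction", without saying what path syntax is accepted or what is used as the token when `path` is omitted. Please state both, since a reader pointing this at Azure IMDS needs to know whether the raw response body or a single field becomes the token. Minor style point on the `token_file` bullet: "JWT token" is redundant, "JWT" alone is enough.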
Document required web_identity constraints
This section no longer states the validation rules that were previously documented for web_identity (assume_role must be provided and exactly one of token_file, token_endpoint, or token is allowed), so users can now follow this page and produce configs that fail at runtime during AWS auth setup. Please restore these constraints here (or explicitly link to a section that contains them) so the consolidated reference remains behaviorally complete.
Address review feedback by ordering sections from most-common to least-common: local usage with the AWS CLI first, then ambient credentials, web identity, and static keys last. Restore the constraints around web_identity (assume_role is required, exactly one token source) that were previously in the inline partial. De-emphasize authentication on the Amazon integrations overview so it no longer leads the page.
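The `web_identity` rules named in the review and restored by this commit (`assume_role` is required, exactly one of `token_file`, `token_endpoint`, `token`) can be checked before a pipeline is deployed. The following is an added example, not code from the PR or from Tenzir; the dict layout (with `assume_role` beside `web_identity`), the name `validate_aws_iam`, and all sample values are assumptions.

```python
# Added example: pre-flight check for the web_identity rules quoted in the review.
# Assumption: aws_iam is a plain dict and assume_role is a sibling of web_identity.
TOKEN_SOURCES = ("token_file", "token_endpoint", "token")


def validate_aws_iam(aws_iam):
    """Return a list of problems; an empty list means the record passes."""
    web_identity = aws_iam.get("web_identity")
    if web_identity is None:
        return []  # the rules below only apply when web_identity is used
    if not isinstance(web_identity, dict):
        return ["web_identity must be a record"]

    errors = []
    # Rule 1: web_identity is only valid together with assume_role.
    if not aws_iam.get("assume_role"):
        errors.append("web_identity requires assume_role")

    # Rule 2: exactly one of the three token sources may be set.
    present = [k for k in TOKEN_SOURCES if web_identity.get(k) is not None]
    if len(present) != 1:
        found = ", ".join(present) or "none"
        errors.append(f"exactly one token source is allowed, found: {found}")

    # token_endpoint contains url plus optional headers and path, so a
    # record without url has nothing to fetch the token from.
    endpoint = web_identity.get("token_endpoint")
    if endpoint is not None:
        if not isinstance(endpoint, dict) or not endpoint.get("url"):
            errors.append("token_endpoint needs a url")
    return errors


# Constructed sample records (placeholder ARN, path and token, not from the PR).
ROLE = "arn:aws:iam::123456789012:role/example-role"
TOKEN_PATH = "/var/run/secrets/example/token"
SAMPLES = {
    "ok_file": {"assume_role": ROLE, "web_identity": {"token_file": TOKEN_PATH}},
    "no_role": {"web_identity": {"token_file": TOKEN_PATH}},
    "two_sources": {"assume_role": ROLE,
                    "web_identity": {"token_file": TOKEN_PATH,
                                     "token": "constructed.jwt.value"}},
    "endpoint_no_url": {"assume_role": ROLE,
                        "web_identity": {"token_endpoint": {"path": "access_token"}}},
}

if __name__ == "__main__":
    for name, record in SAMPLES.items():
        print(name, validate_aws_iam(record) or "ok")
```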
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: c189c38a16
| describes the shared `aws_iam` option used by <Op>from_s3</Op>, | ||
| <Op>to_s3</Op>, <Op>from_sqs</Op>, <Op>to_sqs</Op>, | ||
| <Op>from_amazon_cloudwatch</Op>, <Op>to_amazon_cloudwatch</Op>, | ||
| <Op>from_kafka</Op>, <Op>to_kafka</Op>, and <Op>to_amazon_security_lake</Op>. |
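Review bot: The operator list in this sentence is hard-coded in prose (nine `<Op>` entries, from `from_s3` through `to_amazon_security_lake`), so it will go stale whenever an operator gains or drops `aws_iam`. Please check each entry against that operator's documented parameters before merging, and consider keeping the list in one shared place rather than in running text. It would also help to say in a few words why `from_kafka` and `to_kafka` appear on an AWS authentication page, since they are the only entries not named after an AWS service.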
Remove unsupported Security Lake operator from aws_iam list
This page now states that to_amazon_security_lake uses the shared aws_iam option, but that operator’s documented signature only accepts region, account_id, timeout, role, and external_id (no aws_iam). Users following this new reference may add an unsupported parameter and get invalid pipeline configs, so the operator list here should only include operators that actually expose aws_iam.
Replace the plain "Tenzir integrates with..." opener with a short paragraph that points to the actual AWS services we connect to and mentions native IAM integration, so the overview sells the breadth of support rather than just stating it exists.
Summary
Extracted AWS authentication documentation from the Amazon integration overview into a dedicated reference page, improving organization and reducing duplication across AWS operator documentation.
Key Changes
- New reference page: Created `src/content/docs/reference/aws-authentication.mdx` with comprehensive AWS authentication documentation covering:
- Updated Amazon integration overview: Simplified `src/content/docs/integrations/amazon/index.mdx` to:
- Updated operator documentation: Modified references in CloudWatch, Security Lake, SQS, and S3 integration pages to point to the new authentication reference instead of the Amazon overview
- Updated AWSIAMOptions partial: Simplified `src/partials/operators/AWSIAMOptions.mdx` to reference the new authentication page for detailed field descriptions and examples
- Updated sidebar: Added the new authentication reference to the sidebar under a new "Authentication" section
Implementation Details
The consolidation maintains all existing authentication information while improving discoverability and reducing maintenance burden. All AWS operators now consistently reference the same authentication documentation through semantic components (`<Reference>`), following the project's content authoring conventions.

https://claude.ai/code/session_016Me98EHD4jPGD7Lz4gFMDQ