common/cc-blobstore-config.html.md.erb
+42-2
@@ -52,9 +52,9 @@ To use Fog blobstores with AWS credentials, perform the following steps:
52
52
53
53
##<aid="fog-aws-sse"></a> Fog with AWS Server-Side Encryption
54
54
55
-
AWS S3 offers Server-Side Encryption at rest. For more information, see <ahref="http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingServerSideEncryption.html">Protecting Data Using Server-Side Encryption with Amazon S3-Managed Encryption Keys (SSE-S3)</a>.
55
+
AWS S3 offers Server-Side Encryption at rest. For more information, see <ahref="http://docs.aws.amazon.com/AmazonS3/latest/dev/serv-side-encryption.html">Protecting Data Using Server-Side Encryption</a>.
56
56
57
-
To use Fog blobstores with AWS SSE-S3 encryption, perform the following steps:
57
+
<strong>AWS SSE-S3 blobstore encryption</strong>
58
58
59
59
1. Insert the following configuration into your manifest under `properties.cc`:
60
60
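Review bot: The added `<strong>AWS SSE-S3 blobstore encryption</strong>` line works as a subsection heading but carries no anchor and replaces the only sentence that introduced the numbered steps, so the list now starts cold and the SSE-S3 procedure cannot be linked to separately from the SSE-KMS one. Consider a real subheading in the file's own style (a `###` line with an `<a id="..."></a>` anchor, as the `##` headings use) and keep a one-line lead-in such as "To use Fog blobstores with AWS SSE-S3 encryption, perform the following steps:". The updated documentation link in the same hunk still uses `http://`; since the URL is being touched anyway, switch it to `https://`.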
@@ -91,6 +91,46 @@ To use Fog blobstores with AWS SSE-S3 encryption, perform the following steps:
91
91
92
92
1. `fog_aws_storage_options` takes a hash with the key `encryption`. Operators can set its value to a type of encryption algorithm. In the configuration information above, `encryption` is set to `AES256` in order to enable AWS SSE-S3 encryption. Further configuration can be provided through the `fog_aws_storage_options` hash, which is passed through to the Fog gem.
93
93
94
+
<strong>AWS SSE-KMS blobstore encryption</strong>
95
+
96
+
1. Get your KMS Key ID. For information on managing KMS keys, see <ahref='http://docs.aws.amazon.com/kms/latest/developerguide/getting-started.html'>the getting started guide.</a>
97
+
98
+
1. Insert the following configuration into your manifest under `properties.cc`:
1. Replace `AWS_ACCESS_KEY` and `AWS_SECRET_ACCESS_KEY` with your AWS credentials. Replace `YOUR-AWS-BUILDPACK-BUCKET`, `YOUR-AWS-DROPLET-BUCKET`, `YOUR-AWS-PACKAGE-BUCKET`, `YOUR-AWS-RESOURCE-BUCKET` with the names of your AWS buckets. Replace `YOUR-AWS-KMS-KEY-ID` with your KMS Key ID. Do not use periods (`.`) in your AWS bucket names. In the AWS console, you must assign your credentials an IAM policy that allows all S3 actions on all of these buckets. Further configuration can be provided through the <code>fog_connection</code> hash, which is passed through to the Fog gem.
131
+
132
+
1. `fog_aws_storage_options` takes a hash with the key `encryption`. Operators can set its value to a type of encryption algorithm. In the configuration information above, `encryption` is set to `aws:kms` in order to enable AWS SSE-KMS encryption. Further configuration can be provided through the `fog_aws_storage_options` hash, which is passed through to the Fog gem.
133
+
94
134
##<aid="fog-aws-iam"></a> Fog with AWS IAM Instance Profiles
95
135
96
136
To configure Fog blobstores to use <ahref="http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2.html">AWS IAM Instance Profiles</a>, perform the following steps:
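Review bot: The SSE-KMS step that says "you must assign your credentials an IAM policy that allows all S3 actions on all of these buckets" was carried over from the SSE-S3 text and omits what SSE-KMS additionally requires: the same credentials need permission to use the KMS key itself (`kms:GenerateDataKey` for uploads and `kms:Decrypt` for reads), otherwise blobstore operations fail with access-denied errors even though the S3 policy is correct. Add a sentence stating that, and consider narrowing "all S3 actions" to the actions the blobstore needs. The final step also describes only the `encryption` key of `fog_aws_storage_options`; it should say which key in that hash receives `YOUR-AWS-KMS-KEY-ID`, since the previous step tells operators to replace that placeholder. Minor style points in the same hunk: the new link uses single quotes and `http://` and includes the trailing period inside the anchor text, and `<code>fog_connection</code>` is inconsistent with the backticks used elsewhere.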