Question
Appriss
US
Last activity: 13 May 2019 8:29 EDT
Help with creating a repository using an Amazon S3 bucket
Hello,
I am currently in the process of installing the Pega Deployment Manager and am walking through the steps for doing so. I am at the step where it discusses creating a Repository and the options for doing so. Since we are self hosted, and utilize Amazon for most of our infrastructure needs, it makes the most sense for us to use an S3 bucket to create the repository. In reviewing the documentation, it appears we need 4 pieces of information: The name of the S3 bucket we created, the root path, the access key and the secret key. Upon discussing this with our infrastructure team, they are unsure of a few things:
1. Why do we need the access key and secret key?
2. What purpose do they serve?
3. Is Pega using CLI commands to work with repository or API calls of some sort?
4. It appears that the secret key is really a password field. Is this just the password associated to the access key?
Part of the confusion I think is that since our servers are already in Amazon and these buckets will also be in Amazon why do we need to do this? They feel that they should be able to allow this to happen without the keys since all of this is in the same VPC. We think these keys mean that they need to create a IAM user to allow programmatic access. Is this correct?
What do other people in this circumstance do?
Any help would be appreciated.
Regards,
Brian
Appriss
US
Hi All,
I'd really like to be able to move forward on this, and just need to get a confirmation on two things:
1. Is the reason the Access Key / Secret key are needed due to Pega making API calls to Amazon? My assumption is that this is the case since you'd need to create an AMI and create permissions for it and such.
2. Will this require us to install any additional components (CLI tools, etc) on our Pega application server or does Pega already handle it OOTB?
I need this confirmation so that I can provide it to my infrastructure team so that I can obtain the keys I need.
Regards,
Brian
Pegasystems Inc.
IN
Hi Brian,
Please find the answers.
1. Why do we need the access key and secret key? 2. What purpose do they serve?
We need these details to identify to which user this S3 bucket does belong to, secondly does the user have authenticated access to the S3 API's. Apart from this, you might need the S3 bucket name and root folder name. These details are sufficient to identify you.
3. Is Pega using CLI commands to work with repository or API calls of some sort?
Pega Makes API calls to check authentication, List Objects, Create Objects, folders etc.
Hi Brian,
Please find the answers.
1. Why do we need the access key and secret key? 2. What purpose do they serve?
We need these details to identify to which user this S3 bucket does belong to, secondly does the user have authenticated access to the S3 API's. Apart from this, you might need the S3 bucket name and root folder name. These details are sufficient to identify you.
3. Is Pega using CLI commands to work with repository or API calls of some sort?
Pega Makes API calls to check authentication, List Objects, Create Objects, folders etc.
4. It appears that the secret key is really a password field. Is this just the password associated to the access key?
Their is a difference between the Secret key being a password, the Secret key is auto generated by the AWS app, and is user specific, however it needs to be stored carefully and must not be shared. Pega takes care of the Security part. However, Secret Key will be required by Pega to get authenticated before making S3 calls.