chore(byok): Detailed guide on creating AWS KMS key, add downloadable files #7019
👋 🤖 🤔 Hello, @stathis-cmnd! Did you make your changes in all the right places? These files were changed only in docs/. You might want to duplicate these changes in versioned_docs/version-8.7/.
You may have done this intentionally, but we wanted to point it out in case you didn't. You can read more about the versioning within our docs in our documentation guidelines.
* Outputs the key ARN for you to provide to Camunda. | ||
|
||
**Instructions:** | ||
1. Download the script: [create-byok-kms-key-single-region.sh](https://docs.camunda.io/docs/next/components/saas/byok/downloads/create-byok-kms-key-single-region.sh). |
[all.markdownLinksDontExitToProduction] Improper link format: [create-byok-kms-key-single-region.sh](https://docs.camunda.io/docs/next/components/saas/byok/downloads/create-byok-kms-key-single-region.sh). Please use relative URLs.
* Outputs both key ARNs for you to provide to Camunda. | ||
|
||
**Instructions:** | ||
1. Download the script: [create-byok-kms-key-multi-region.sh](https://docs.camunda.io/docs/next/components/saas/byok/downloads/create-byok-kms-key-multi-region.sh). |
[all.markdownLinksDontExitToProduction] Improper link format: [create-byok-kms-key-multi-region.sh](https://docs.camunda.io/docs/next/components/saas/byok/downloads/create-byok-kms-key-multi-region.sh). Please use relative URLs.
> before creating the second key. | ||
|
||
**Script Reference:** | ||
For creating AWS KMS single-region key Download and run [create-byok-kms-key-single-region.sh](https://docs.camunda.io/docs/next/components/saas/byok/downloads/create-byok-kms-key-single-region.sh) |
[all.markdownLinksDontExitToProduction] Improper link format: [create-byok-kms-key-single-region.sh](https://docs.camunda.io/docs/next/components/saas/byok/downloads/create-byok-kms-key-single-region.sh). Please use relative URLs.
|
||
**Script Reference:** | ||
For creating AWS KMS single-region key Download and run [create-byok-kms-key-single-region.sh](https://docs.camunda.io/docs/next/components/saas/byok/downloads/create-byok-kms-key-single-region.sh) | ||
For creating AWS KMS multi-region keys Download and run [create-byok-kms-key-multi-region.sh](https://docs.camunda.io/docs/next/components/saas/byok/downloads/create-byok-kms-key-multi-region.sh) |
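Review bot: Both "Download and run" lines send the reader straight from download to execution, with no step to read the script first or to confirm which AWS account and credentials it will run under. Suggest splitting this into download, review, then run, and stating the AWS permissions the script needs. Both sentences also have a mid-sentence capital ("key Download", "keys Download") and no closing period.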
[all.markdownLinksDontExitToProduction] Improper link format: [create-byok-kms-key-multi-region.sh](https://docs.camunda.io/docs/next/components/saas/byok/downloads/create-byok-kms-key-multi-region.sh). Please use relative URLs.
|
||
6. **Edit Key Policy** | ||
* On the review screen, find the **Key policy** section and click **Switch to policy view**. | ||
* Add to or replace with the [key policy](https://docs.camunda.io/docs/next/components/saas/byok/downloads/aws-kms-key-policy.json) we provide to you |
[all.markdownLinksDontExitToProduction] Improper link format: [key policy](https://docs.camunda.io/docs/next/components/saas/byok/downloads/aws-kms-key-policy.json). Please use relative URLs.
@christinaausley this is a detailed guide on how to create the KMS keys. Links to this doc will be used to support the console operations, i.e. links from the console around BYOK should lead to this doc. In addition, we can use it as a direct reference and link it to https://github.com/camunda/camunda-docs/pull/6634/files#diff-190963c5b7bc0e62f2648f199626a6d28c8b70684b8e50825efce41f5c1f752fR43 instead of adding the instructions there. The PR also includes the downloaded files the customers can download through the console. Could you please give your feedback if you agree with this doc and if it needs formation changes? Thank you. cc @Sijoma
|
||
6. **Edit Key Policy** | ||
- On the review screen, find the **Key policy** section and click **Switch to policy view**. | ||
- Add to or replace with the [key policy](https://docs.camunda.io/docs/next/components/saas/byok/downloads/aws-kms-key-policy.json) we provide to you |
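Review bot: "Add to or replace with" in the second bullet leaves the reader to choose between merging statements into the existing key policy and overwriting it, and the two choices differ in who can still administer the key afterwards. Suggest naming one of them, and if replacement is intended, saying whether the provided policy keeps the account's own administrative access to the key. The bullet also has no closing period.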
[all.markdownLinksDontExitToProduction] Improper link format: [key policy](https://docs.camunda.io/docs/next/components/saas/byok/downloads/aws-kms-key-policy.json). Please use relative URLs.
Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
- Charges for KMS Key storage will appear on your AWS bill | ||
- Charges for KMS API calls will appear on Camunda's AWS bill | ||
- **For single region the KMS key must be created in the eu-west-1 (Ireland) region** | ||
- **For dual-region backup, the primary key must be in eu-west-1 (Ireland) and the replica/secondary key in a eu-west-2 (London)** No newline at end of file |
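Review bot: In the last bullet, "in a eu-west-2 (London)" has a stray article; "in eu-west-2 (London)" would match the eu-west-1 wording. The two region requirements are hard constraints on key creation but sit in the same list as the billing bullets; consider moving them under their own heading, and use one spelling for "single region" / "dual-region".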
[prettier] reported by reviewdog 🐶
- **For dual-region backup, the primary key must be in eu-west-1 (Ireland) and the replica/secondary key in a eu-west-2 (London)** | |
- **For dual-region backup, the primary key must be in eu-west-1 (Ireland) and the replica/secondary key in a eu-west-2 (London)** |
@stathis-cmnd I noticed that this new Since both guides walk the user through creating and configuring AWS KMS keys for BYOK, it might make sense to merge them into a single, structured flow (e.g., in
This would give users one place to follow the full workflow and make maintenance easier over time.
@christinaausley yes, that is actually the case. We had in another repo the guides and instructions provided/written by Philipp from AWS. I changed them a bit to be compatible with our use case. So the idea is to merge them into one doc and single source of truth. If you can do the merging, that would be great. Thank you
@mesellings As far as the downloads here, how do you want cases like these handled in the docs? Kept in the docs, and just link to the repo location, or in a separate repo entirely? Alternatively we can incorporate them as details elements, as done with https://github.com/camunda/camunda-docs/pull/6634/files currently.
Closing as this was incorporated with https://github.com/camunda/camunda-docs/pull/6634/files.
Description
Detailed docs on how to create an AWS KMS key for the BYOK integration.
Add downloadable files.
Links to these docs will be used in the console integration for downloading scripts and providing customers with technical documentation.