add proxy sigv4 plugin documentation (#1325)

* proxy-sigv4 plugin * lint * requested changes * not relative link
RoadieHQ · Jul 10, 2024 · a913ed9 · a913ed9
1 parent 8cd2da1
commit a913ed9
Show file tree

Hide file tree

Showing 3 changed files with 72 additions and 9 deletions.
diff --git a/content/docs/docs-nav.yaml b/content/docs/docs-nav.yaml
@@ -8,13 +8,13 @@ nav:
   - Getting started:
       - Overview: '/docs/getting-started/overview/'
       - Setting up your catalog:
-        - Adding to your catalog: '/docs/getting-started/adding-a-catalog-item/'
-        - Enable autodiscovery: '/docs/getting-started/autodiscovery/'
-        - Modelling your software: '/docs/getting-started/model-software/'
+          - Adding to your catalog: '/docs/getting-started/adding-a-catalog-item/'
+          - Enable autodiscovery: '/docs/getting-started/autodiscovery/'
+          - Modelling your software: '/docs/getting-started/model-software/'
       - Adding users:
-        - Inviting users: '/docs/getting-started/user-management/'
-        - Designating admins: '/docs/getting-started/create-admin-group/'
-        - Modelling Users and Groups: '/docs/getting-started/teams/'
+          - Inviting users: '/docs/getting-started/user-management/'
+          - Designating admins: '/docs/getting-started/create-admin-group/'
+          - Modelling Users and Groups: '/docs/getting-started/teams/'
       - Adding plugins: '/docs/getting-started/configuring-backstage-plugins/'
       - Customising the Roadie UI: '/docs/getting-started/configure-ui/'
       - Creating a scorecard: '/docs/getting-started/creating-a-scorecard/'
@@ -53,6 +53,7 @@ nav:
       - Opsgenie: '/docs/integrations/opsgenie/'
       - PagerDuty: '/docs/integrations/pagerduty/'
       - Prometheus: '/docs/integrations/prometheus/'
+      - Proxy AWS Sigv4: '/docs/integrations/proxy-sigv4/'
       - Pulumi: '/docs/integrations/pulumi/'
       - Sentry: '/docs/integrations/sentry/'
       - Shortcut: '/docs/integrations/shortcut-plugin/'

diff --git a/content/docs/integrations/proxy-sigv4/index.md b/content/docs/integrations/proxy-sigv4/index.md
@@ -0,0 +1,62 @@
+---
+title: Proxy Sigv4 Plugin
+publishedDate: '2024-06-08T12:00:00.0Z'
+description: How to configure Roadie to use AWS Signature Version 4 for proxying requests to and from AWS services
+
+humanName: Proxy AWS Sigv4
+logoImage: '../../../assets/logos/aws/Amazon_Web_Services_Logo.png'
+integrationType: OSS plugin
+---
+
+## Introduction
+
+The Proxy Sigv4 plugin is essential for securely signing requests to AWS services using the Sigv4 signing process.
+
+This guide explains how to set up and configure the Proxy Sigv4 plugin in your Backstage environment to ensure your requests to AWS services are properly authenticated.
+
+## Step 1: Get the roadie IAM details
+
+Navigate to `Administration > Settings > Plugins > Proxy (Sigv4)` and make a note of the Roadie backend role ARN and account ID. This is mentioned on the Role Arn field of the Proxy Sigv4 plugin settings page.
+
+## Step 2: Create a federated role in your account for Roadie
+
+Follow the steps [here](/docs/details/accessing-aws-resources) to create the role.
+
+The role needs to follow this naming convention `arn:aws:iam::*:role/<your-tenant-name>-roadie-<your-role-name>` where <your-tenant-name> matches your organisation's name used in the url of your Roadie instance.
+
+You'll need to set a trusted relantionship in your new role so that Roadie can assume it. And then attach any permission policy that you need to the role.
+
+<details>
+
+<summary>Trusted relantionships in your new role</summary>
+
+```json
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Principal": {
+        "AWS": "arn:aws:iam::<roadie-account-id>:root"
+      },
+      "Action": "sts:AssumeRole",
+      "Condition": {}
+    }
+  ]
+}
+```
+
+</details>
+
+## Step 3: Configure your Roadie instance to use the new role
+
+On the AWS S3 settings page `Administration > Settings > Plugins > Proxy (Sigv4)` in Roadie click `Add Item` and enter the newly created
+role ARN, the `path` you want the proxy to be available on and the `target` for your AWS resource.
+
+example: `/s3`
+will be available on `https://<your-roadie-url>/api/proxy-sigv4/s3`
+
+After the role configuration is done, you can click the 'Test Role' button to check if integration configuration has succeeded.
+
+Please ensure there is a trusted relationship with allows the created role to be assumed.
+For more information please visit: [Accessing AWS Resources](/docs/details/accessing-aws-resources)
diff --git a/cypress.config.js b/cypress.config.js
@@ -1,10 +1,10 @@
-const { defineConfig } = require('cypress')
+const { defineConfig } = require('cypress');
 
 module.exports = defineConfig({
   e2e: {
     setupNodeEvents(on, config) {
-      return require('./cypress/plugins/index.js')(on, config)
+      return require('./cypress/plugins/index.js')(on, config);
     },
     baseUrl: 'http://localhost:8001',
   },
-})
+});