# AWS

The agent uses an AWS in three places:

1. AWS IAM connection to [MSK ](https://docs.lenses.io/latest/deployment/configuration/agent/automation/kafka/aws-msk)for Lenses itself
2. Connecting to AWS Glue
3. Alert channels to Cloud Watch.

{% hint style="success" %}
If the Agent is deployed on an EC2 Instance or has access to AWS credentials in the default [AWS toolchain](https://docs.aws.amazon.com/sdk-for-java/latest/developer-guide/credentials-chain.html#credentials-default) that can be used instead.

See [JSON schema](https://docs.lenses.io/latest/deployment/configuration/overview#json-schema-support) for support.

Environment variables are supported; escape the dollar sign

```yaml
sslKeystorePassword:
  value: "${ENV_VAR_NAME}"
```

{% endhint %}

{% hint style="danger" %}
Names must match be alphanumeric or dash non-empty string.
{% endhint %}

{% code title="provisioning.yaml" %}

```yaml
aws:
- name: my-aws-connection
  version: 1
  tags: [tag1, tag2]
  configuration:
    # Way to authenticate against AWS.Credentials Chain or Access Key
    authMode:
      value:
    # Access key ID of an AWS IAM account.
    accessKeyId:
       value:
    # Secret access key of an AWS IAM account.
    secretAccessKey:
       value:
    # AWS region to connect to. If not provided, this is deferred to client 
    # configuration.
    region:
       value:
    # Specifies the session token value that is required if you are using temporary 
    # security credentials that you retrieved directly from AWS STS operations.
    sessionToken:
       value:
    # The Amazon Resource Name (ARN) of the IAM role to assume using AWS STS
    assumeRoleArn:
       value: arn:aws:iam::[account-id]:role/[name]
    # An identifier for the assumed role session, used to uniquely distinguish
    # sessions when assuming the same role multiple times
    assumeRoleSessionName:
       value: [session-name]
```

{% endcode %}

### **Using AWS Access Key**

```yaml
aws:
  - name: my-aws-connection
    tags: ["tag1"]
    version: 1      
    configuration:
      authMode: 
        value: Access Key
      accessKeyId: 
        value: my-access-key-id
      secretAccessKey: 
        value: my-secret-access-key
      region: 
        value: eu-west-1
```

### **Using AWS Credentials Chain**

```yaml
aws:
  - name: my-aws-connection
    version: 1
    tags: []
    configuration:
      region:
        value: eu-north-1
      authMode:
        value: "Credentials Chain"
```

### **Using AWS Assume Role**

<pre class="language-yaml"><code class="lang-yaml">aws:
  - name: my-aws-connection
    version: 1
    tags: []
    configuration:
      region:
        value: eu-north-1
      authMode:
        value: "Assume Role"
<strong>      assumeRoleArn:
</strong>        value: arn:aws:iam::[account-id]:role/[name]
      assumeRoleSessionName:
        value: [session-name]
</code></pre>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.lenses.io/latest/deployment/configuration/agent/automation/aws.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.