# AWS

The agent uses an AWS connection in three places:

1. AWS IAM connection to [MSK](https://docs.lenses.io/latest/devx/6.0/deployment/configuration/agent/automation/kafka/aws-msk) for Lenses itself
2. Connecting to AWS Glue
3. Alert channels to CloudWatch

{% hint style="success" %}
If the Agent is deployed on an EC2 instance or has access to AWS credentials through the default [AWS credentials chain](https://docs.aws.amazon.com/sdk-for-java/latest/developer-guide/credentials-chain.html#credentials-default), those credentials can be used instead.

See [JSON schema](https://docs.lenses.io/latest/devx/6.0/deployment/configuration/overview#json-schema-support) for support.

Environment variables are supported; escape the dollar sign:

```yaml
sslKeystorePassword:
  value: "\${ENV_VAR_NAME}"
```

{% endhint %}

{% hint style="danger" %}
Names must be non-empty strings containing only alphanumeric characters or dashes.
{% endhint %}

{% code title="provisioning.yaml" %}

```yaml
aws:
- name: my-aws-connection
  version: 1
  tags: [tag1, tag2]
  configuration:
    # Way to authenticate against AWS: Credentials Chain, Access Key or Assume Role.
    authMode:
      value:
    # Access key ID of an AWS IAM account.
    accessKeyId:
      value:
    # Secret access key of an AWS IAM account.
    secretAccessKey:
      value:
    # AWS region to connect to. If not provided, this is deferred to client
    # configuration.
    region:
      value:
    # Specifies the session token value that is required if you are using temporary
    # security credentials that you retrieved directly from AWS STS operations.
    sessionToken:
      value:
    # The Amazon Resource Name (ARN) of the IAM role to assume using AWS STS.
    assumeRoleArn:
      value: arn:aws:iam::[account-id]:role/[name]
    # An identifier for the assumed role session, used to uniquely distinguish
    # sessions when assuming the same role multiple times.
    # Quoted so the bracketed placeholder is read as a string, not a YAML list.
    assumeRoleSessionName:
      value: "[session-name]"
```

{% endcode %}

### **Using AWS Access Key**

```yaml
aws:
  - name: my-aws-connection
    tags: ["tag1"]
    version: 1      
    configuration:
      authMode: 
        value: Access Key
      accessKeyId: 
        value: my-access-key-id
      secretAccessKey: 
        value: my-secret-access-key
      region: 
        value: eu-west-1
```
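
The same Access Key connection with the key pair supplied through environment variables instead of literals in the file, using the escaped `\${...}` form shown in the hint above. This is an added example, not part of the original documentation; the variable names are hypothetical, and it assumes environment substitution applies to these fields as it does in the `sslKeystorePassword` example.

```yaml
aws:
  - name: my-aws-connection
    tags: ["tag1"]
    version: 1
    configuration:
      authMode:
        value: Access Key
      # Key pair is resolved from environment variables, so the provisioning
      # file can be stored in version control without secrets in it.
      # Variable names below are hypothetical.
      accessKeyId:
        value: "\${LENSES_AWS_ACCESS_KEY_ID}"
      secretAccessKey:
        value: "\${LENSES_AWS_SECRET_ACCESS_KEY}"
      # Only required for temporary credentials retrieved from AWS STS.
      sessionToken:
        value: "\${LENSES_AWS_SESSION_TOKEN}"
      region:
        value: eu-west-1
```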

### **Using AWS Credentials Chain**

```yaml
aws:
  - name: my-aws-connection
    version: 1
    tags: []
    configuration:
      region:
        value: eu-north-1
      authMode:
        value: "Credentials Chain"
```

### **Using AWS Assume Role**

```yaml
aws:
  - name: my-aws-connection
    version: 1
    tags: []
    configuration:
      region:
        value: eu-north-1
      authMode:
        value: "Assume Role"
      assumeRoleArn:
        value: arn:aws:iam::[account-id]:role/[name]
      # Quoted so the bracketed placeholder is read as a string, not a YAML list.
      assumeRoleSessionName:
        value: "[session-name]"
```
