
Chapter 12. Configuring AWS STS for Red Hat Quay


Support for Amazon Web Services (AWS) Security Token Service (STS) is available for standalone Red Hat Quay deployments, Red Hat Quay on OpenShift Container Platform, and Red Hat OpenShift Service on AWS (ROSA). AWS STS is a web service for requesting temporary, limited-privilege credentials for AWS Identity and Access Management (IAM) users and for users that you authenticate yourself (federated users). This feature is useful for clusters that use Amazon S3 as object storage: it allows Red Hat Quay to authenticate to Amazon S3 with STS-issued temporary credentials instead of long-lived keys, which strengthens the overall security of the cluster and helps to ensure that access to sensitive data is properly authenticated and authorized.

Configuring AWS STS for OpenShift Container Platform or ROSA requires creating an AWS IAM user, creating an S3 role, and configuring your Red Hat Quay config.yaml file to include the proper resources.

Use the following procedures to configure AWS STS for Red Hat Quay.

12.1. Configuring Red Hat Quay to use AWS STS

Use the following procedure to edit your Red Hat Quay config.yaml file to use AWS STS.

Procedure

  1. Update your config.yaml file for Red Hat Quay to include the following information:

    # ...
    DISTRIBUTED_STORAGE_CONFIG:
       default:
        - STSS3Storage
        - sts_role_arn: <role_arn>                    1
          s3_bucket: <s3_bucket_name>                 2
          storage_path: <storage_path>                3
          s3_region: <region>                         4
          sts_user_access_key: <s3_user_access_key>   5
          sts_user_secret_key: <s3_user_secret_key>   6
    # ...

    1 The unique Amazon Resource Name (ARN) of the IAM role required when configuring AWS STS.
    2 The name of your S3 bucket.
    3 The storage path for data. Usually /datastorage.
    4 The Amazon Web Services region. Defaults to us-east-1.
    5 The generated AWS S3 user access key required when configuring AWS STS.
    6 The generated AWS S3 user secret key required when configuring AWS STS.
  2. Restart your Red Hat Quay deployment.
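Before restarting the deployment it is worth confirming that the storage section has the shape the STSS3Storage driver expects and that no angle-bracket placeholder from the snippet above was left in place. The following Python check is an added example and is not part of Red Hat Quay or of this guide. It assumes config.yaml has already been parsed into a dictionary (for instance with yaml.safe_load) and embeds two constructed sample configurations: one with the placeholders unfilled, one filled in with made-up bucket, role and account values plus the access key and secret key example values that AWS uses in its own documentation. The IAM role ARN pattern is an assumption based on the standard arn:aws:iam::<account-id>:role/<name> form.

```python
"""Sanity-check the DISTRIBUTED_STORAGE_CONFIG section of a Red Hat Quay
config.yaml before restarting a deployment that uses STSS3Storage.
Added example; not Red Hat Quay's own validation code."""
import re

# Assumed shape of an IAM role ARN: partition, 12-digit account id, role/<name>.
ROLE_ARN_RE = re.compile(r"^arn:aws[a-z-]*:iam::\d{12}:role/[\w+=,.@/-]+$")
# Values copied verbatim from the documentation snippet look like <this>.
PLACEHOLDER_RE = re.compile(r"^<.*>$")

# Keys the guide lists for the STSS3Storage driver; s3_region has a default.
REQUIRED_STS_KEYS = (
    "sts_role_arn",
    "s3_bucket",
    "storage_path",
    "sts_user_access_key",
    "sts_user_secret_key",
)


def check_sts_storage(config):
    """Return a list of findings; an empty list means the section looks usable."""
    findings = []
    storage = config.get("DISTRIBUTED_STORAGE_CONFIG")
    if not isinstance(storage, dict) or not storage:
        return ["DISTRIBUTED_STORAGE_CONFIG missing or empty"]

    for location, entry in storage.items():
        # Each storage location is a two-element list: driver name, then its parameters.
        if not (isinstance(entry, list) and len(entry) == 2 and isinstance(entry[1], dict)):
            findings.append(f"{location}: expected [<driver>, {{params}}]")
            continue
        driver, params = entry
        if driver != "STSS3Storage":
            continue  # only the STS driver is checked here

        for key in REQUIRED_STS_KEYS:
            if key not in params:
                findings.append(f"{location}: missing required key {key}")

        for key, value in params.items():
            if not isinstance(value, str) or PLACEHOLDER_RE.match(value):
                findings.append(f"{location}: {key} still holds a placeholder or non-string value")

        arn = params.get("sts_role_arn")
        if isinstance(arn, str) and not PLACEHOLDER_RE.match(arn) and not ROLE_ARN_RE.match(arn):
            findings.append(f"{location}: sts_role_arn is not an IAM role ARN: {arn}")

        path = params.get("storage_path")
        if isinstance(path, str) and not PLACEHOLDER_RE.match(path) and not path.startswith("/"):
            findings.append(f"{location}: storage_path should be absolute, for example /datastorage")
    return findings


# Constructed sample: the guide's snippet with its placeholders left unfilled,
# in the form yaml.safe_load would produce.
UNFILLED_CONFIG = {
    "DISTRIBUTED_STORAGE_CONFIG": {
        "default": [
            "STSS3Storage",
            {
                "sts_role_arn": "<role_arn>",
                "s3_bucket": "<s3_bucket_name>",
                "storage_path": "<storage_path>",
                "s3_region": "<region>",
                "sts_user_access_key": "<s3_user_access_key>",
                "sts_user_secret_key": "<s3_user_secret_key>",
            },
        ]
    }
}

# Constructed sample with every value filled in. Account id, role and bucket
# names are made up; the key pair is the example pair from AWS documentation.
FILLED_CONFIG = {
    "DISTRIBUTED_STORAGE_CONFIG": {
        "default": [
            "STSS3Storage",
            {
                "sts_role_arn": "arn:aws:iam::123456789012:role/quay-s3-role",
                "s3_bucket": "quay-registry-bucket",
                "storage_path": "/datastorage",
                "s3_region": "us-east-1",
                "sts_user_access_key": "AKIAIOSFODNN7EXAMPLE",
                "sts_user_secret_key": "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
            },
        ]
    }
}

if __name__ == "__main__":
    for name, cfg in (("unfilled", UNFILLED_CONFIG), ("filled", FILLED_CONFIG)):
        print(name, check_sts_storage(cfg) or "ok")
```

Running the script against the unfilled sample reports one finding per placeholder; against the filled sample it reports nothing. In practice you would replace the embedded samples with the parsed contents of your own config.yaml and only restart Red Hat Quay once the check comes back empty.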

Verification

  1. Tag a sample image, such as busybox, to be pushed to the repository. For example:

    $ podman tag docker.io/library/busybox <quay-server.example.com>/<organization_name>/busybox:test
  2. Push the sample image by running the following command:

    $ podman push <quay-server.example.com>/<organization_name>/busybox:test
  3. Verify that the push was successful by navigating to the organization that you pushed the image to in your Red Hat Quay registry and checking its Tags page.
  4. Navigate to the Amazon Web Services (AWS) console and locate your S3 bucket.
  5. Click the name of your S3 bucket.
  6. On the Objects page, click datastorage/.
  7. On the datastorage/ page, the following resources should be present:

    • sha256/
    • uploads/

      These resources indicate that the push was successful, and that AWS STS is properly configured.
