docs/guides/operator-guide-aws-marketplace.md
6 additions & 6 deletions
@@ -108,10 +108,10 @@ The following table lists all resources that are created during the [deployment]
108
108
109
109
| Name | Type | Description |
110
110
|:------|:------|:-------------|
111
-
|`KMSKey`|`AWS::KMS::Key`|The key for secret encryption (for configuration strings). |
111
+
|`KMSKey`|`AWS::KMS::Key`|Custom KMS key used for encrypting the secrets in AWS Secrets Manager. |
112
112
|`SSMKeyAlias`|`AWS::KMS::Alias`| An alias that provides an easy way to access the [KMS](https://aws.amazon.com/kms/) key. |
113
-
|`TokenSecret`|`AWS::SecretsManager::Secret`|An encrypted configuration that includes the operator key. |
114
-
|`WorkerRole`|`AWS::IAM::Role`| The IAM role that your UID2 Operators run as. Roles provide access to configuration keys. |
113
+
|`TokenSecret`|`AWS::SecretsManager::Secret`|A Secrets Manager secret to store the operator key. |
114
+
|`WorkerRole`|`AWS::IAM::Role`| The IAM role that your UID2 Operators run as. The role provides access to AWS Secrets Manager to retrieve operator keys. |
115
115
|`WorkerInstanceProfile`|`AWS::IAM::InstanceProfile`| The instance profile with Worker Role to attach to Operator EC2 instances. |
116
116
|`SecurityGroup`|`AWS::EC2::SecurityGroup`| A security group policy that provides rules for operator instances. See also [Security Group Policy](#security-group-policy).|
117
117
|`LaunchTemplate`|`AWS::EC2::LaunchTemplate`| A launch template with all configurations in place. You can spawn new UID2 Operator instances from it. |
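Review bot: In the new `WorkerRole` row, "operator keys" is plural while the new `TokenSecret` row stores "the operator key"; use the singular in both rows. Since the new `KMSKey` row says the secret is encrypted with a custom KMS key, consider also stating in the `WorkerRole` row whether the role is granted use of that key, so a reader auditing the stack can see the full access path to the operator key from this table.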
@@ -136,7 +136,7 @@ To avoid passing certificates associated with your domain into the enclave, inbo
136
136
| ----------- | --------- | -------- | ------ |
137
137
| 80 | Inbound | HTTP | Serves all UID2 APIs, including the healthcheck endpoint `/ops/healthcheck`.<br/>When everything is up and running, the endpoint returns HTTP 200 with a response body of `OK`. For details, see [Checking UID2 Operator Status](#checking-uid2-operator-status). |
| 443 | Outbound | HTTPS | Calls the UID2 Core Service; updates opt-out data and key store. |
139
+
| 443 | Outbound | HTTPS | Calls the UID2 Core Service, AWS S3, to download files for opt-out data and key store. |
140
140
141
141
### VPC Chart
142
142
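Review bot: The new port 443 row reads "Calls the UID2 Core Service, AWS S3, to download files", which parses as if AWS S3 were another name for the Core Service. Suggest "Calls the UID2 Core Service and AWS S3 to download files for opt-out data and key store", so operators writing egress rules see two distinct outbound destinations.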
@@ -216,7 +216,7 @@ To create a load balancer and a target operator auto-scaling group, complete the
216
216
2. Click **Create Load Balancer**.
217
217
3. On the Load balancer types page, in the **Application Load Balancer** section, click **Create**.
218
218
4. Enter the UID2 **Load balancer name**. Depending on whether or not you need to access UID2 APIs from public internet, choose the **Internet-facing** or **Internal** scheme.
219
-
5. Select the **VPC**for your targets and at least two subnets used in your CloudFormation stack.
219
+
5. Select the **VPC**you used while creating the CloudFormation stack, and at least two subnets.
220
220
6. Under **Security groups**, click **Create new security group** and do the following:
221
221
1. Enter `UID2SGALB` as its **Security group name**, as well as a relevant **Description**.
222
222
2. Under **Inbound rules**, click **Add rule**, then select the **HTTPS** Type and an appropriate **Source** according to your requirements.
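Review bot: Step 5 still has no space after the closing bold marker ("**VPC**you used"), carried over from the old line ("**VPC**for"), so it renders as "VPCyou". Add the space: "Select the **VPC** you used while creating the CloudFormation stack, and at least two subnets."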
@@ -332,7 +332,7 @@ These are the default settings for the following reasons:
332
332
333
333
### Changing the Log Rotation Schedule
334
334
335
-
To change the log rotation schedule, update the `etc/logrotate.d/operator-logrotate.conf` file.
335
+
To change the log rotation schedule, update the `etc/logrotate.d/operator-logrotate.conf` file.
336
336
337
337
Follow the instructions in the logrotate documentation: see [logrotate(8) - Linux man](https://linux.die.net/man/8/logrotate) page.
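Review bot: The path `etc/logrotate.d/operator-logrotate.conf` on the changed line has no leading slash, so it reads as a relative path; if the file lives under the system `/etc`, write it as an absolute path. The removed and added lines are identical as displayed, so this looks like a whitespace-only change, and the path could be corrected in the same edit.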
docs/snippets/_private-operator-attest-failure.mdx
1 addition & 1 deletion
@@ -1,6 +1,6 @@
1
1
When a Private Operator fails to attest with the Core service, one of the following actions happens:
2
2
- HTTP 401 response. The Private Operator terminates itself immediately.
3
-
- Likely Causes: API key revoked or incorrect.
3
+
- Likely Causes: Operator key revoked or incorrect.
4
4
- Any other non-200 response code. The Private Operator continues to function for 12 hours. If the issue is not resolved in this time frame, it terminates itself.
5
5
- Likely Causes: Core service issues, network issues.
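Review bot: The 401 bullet now names the operator key as the likely cause but does not say where to check it. Consider pointing to where the key is stored (the operator guide changed in this same commit describes `TokenSecret` as the Secrets Manager secret holding the operator key), since the operator terminates immediately on this response and the reader needs the fix path. Also, "Likely Causes" could be lower-cased to "Likely causes" in both sub-bullets for consistency with sentence-style list items.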