From 4eaab0a68918f2ac500584d461cb55367a5099d6 Mon Sep 17 00:00:00 2001
From: Idan Novogroder <idan.novogroder@treeverse.io>
Date: Wed, 10 Apr 2024 18:10:09 +0300
Subject: [PATCH] AWS external auth example

---
 examples/lakefs/enterprise/values-external-aws.yaml | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/examples/lakefs/enterprise/values-external-aws.yaml b/examples/lakefs/enterprise/values-external-aws.yaml
index 7d6cf4c..04c88b3 100644
--- a/examples/lakefs/enterprise/values-external-aws.yaml
+++ b/examples/lakefs/enterprise/values-external-aws.yaml
@@ -49,9 +49,18 @@ fluffy:
       external:
         aws_auth:
           enabled: true
+          get_caller_identity_max_age: 60
+    
           # list of headers that are required to be present in the GetCallerIdentity request
           required_headers:
-            x-lakefs-custom-key: "custom-value"
+            required-key: "custom-value"
+          # list of headers that are optional for the GetCallerIdentity request
+          optional_headers:
+            optional-key: "custom-value"
+          # list of valid STS hosts for the GetCallerIdentity request
+          valid_sts_hosts:
+            - "sts.amazonaws.com"
+            - "sts.us-east-1.amazonaws.com"
   secrets:
     create: true
   sso: