diff --git a/ui/app/components/configure-aws-secret/access-to-aws-form.hbs b/ui/app/components/configure-aws-secret/access-to-aws-form.hbs
new file mode 100644
index 000000000000..78ea9c1f97f2
--- /dev/null
+++ b/ui/app/components/configure-aws-secret/access-to-aws-form.hbs
@@ -0,0 +1,96 @@
+
\ No newline at end of file
diff --git a/ui/app/components/configure-aws-secret/access-to-aws-form.ts b/ui/app/components/configure-aws-secret/access-to-aws-form.ts
new file mode 100644
index 000000000000..4d916fa424c0
--- /dev/null
+++ b/ui/app/components/configure-aws-secret/access-to-aws-form.ts
@@ -0,0 +1,36 @@
+/**
+ * Copyright (c) HashiCorp, Inc.
+ * SPDX-License-Identifier: BUSL-1.1
+ */
+import Component from '@glimmer/component';
+import { action } from '@ember/object';
+import { tracked } from '@glimmer/tracking';
+import type SecretEngineModel from 'vault/models/secret-engine';
+
+type AWSRootCredsFields = {
+ access_key: string | null;
+ iam_endpoint: string | null;
+ sts_endpoint: string | null;
+ secret_key: string | null;
+ region: string | null;
+};
+
+interface Args {
+ model: SecretEngineModel;
+ accessKey: string;
+ iamEndpoint: string;
+ region: string;
+ secretKey: string;
+ stsEndpoint: string;
+ onSubmit: (data: AWSRootCredsFields) => void;
+}
+
+export default class ConfigureAwsSecretAccessToAwsFormComponent extends Component {
+ @tracked showOptions = false;
+
+ @action
+ saveRootCreds(data: AWSRootCredsFields, event: Event) {
+ event.preventDefault();
+ this.args.onSubmit(data);
+ }
+}
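Review bot: `Args` is declared but never applied, because the class extends bare `Component`, so `this.args.onSubmit(data)` in `saveRootCreds` is not checked against the interface. Declare the class as `export default class ConfigureAwsSecretAccessToAwsFormComponent extends Component<Args> {`. `ConfigureAwsSecretLeaseFormComponent` in lease-form.ts has the same gap. Since `data` includes `secret_key`, `saveRootCreds` would also benefit from a doc comment such as `/** Forwards the root credentials to @onSubmit; the values must not be logged or kept on the component. */`.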
diff --git a/ui/app/components/configure-aws-secret/lease-form.hbs b/ui/app/components/configure-aws-secret/lease-form.hbs
new file mode 100644
index 000000000000..2d42fdbe7646
--- /dev/null
+++ b/ui/app/components/configure-aws-secret/lease-form.hbs
@@ -0,0 +1,28 @@
+
\ No newline at end of file
diff --git a/ui/app/components/configure-aws-secret/lease-form.ts b/ui/app/components/configure-aws-secret/lease-form.ts
new file mode 100644
index 000000000000..df89ef2d8897
--- /dev/null
+++ b/ui/app/components/configure-aws-secret/lease-form.ts
@@ -0,0 +1,30 @@
+/**
+ * Copyright (c) HashiCorp, Inc.
+ * SPDX-License-Identifier: BUSL-1.1
+ */
+import Component from '@glimmer/component';
+import { action } from '@ember/object';
+import type SecretEngineModel from 'vault/models/secret-engine';
+import type { TtlEvent } from 'vault/app-types';
+
+type LeaseFields = { lease: string; lease_max: string };
+
+interface Args {
+ model: SecretEngineModel;
+ onSubmit: (data: LeaseFields) => void;
+}
+
+export default class ConfigureAwsSecretLeaseFormComponent extends Component {
+ @action
+ handleTtlChange(name: string, ttlObj: TtlEvent) {
+ // lease values cannot be undefined, set to 0 to use default
+ const valueToSet = ttlObj.enabled ? ttlObj.goSafeTimeString : 0;
+ this.args.model.set(name, valueToSet);
+ }
+
+ @action
+ saveLease(data: LeaseFields, event: Event) {
+ event.preventDefault();
+ this.args.onSubmit(data);
+ }
+}
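Review bot: `handleTtlChange` accepts any `name: string` and passes it straight to `this.args.model.set(name, valueToSet)`, so a template typo or a reused action can overwrite an unrelated attribute on the secret-engine model. Narrowing the signature to `handleTtlChange(name: keyof LeaseFields, ttlObj: TtlEvent)` limits it to `lease` and `lease_max`. The disabled branch also stores the number `0`, while `LeaseFields` types both fields as `string`. Either widen the type to `string | number` or store a string, depending on what the model's serializer expects, which is not visible in this hunk.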
diff --git a/ui/app/models/mount-config.js b/ui/app/models/mount-config.js
index d7b3665a70ea..879e29d04c6b 100644
--- a/ui/app/models/mount-config.js
+++ b/ui/app/models/mount-config.js
@@ -67,6 +67,15 @@ export default class MountConfigModel extends Model {
})
allowedManagedKeys;
+ @attr('string', {
+ editType: 'searchSelect',
+ fallbackComponent: 'string-list',
+ models: ['oidc/key'],
+ selectLimit: 1,
+ subText: 'A named key to sign tokens. Vault will use a default if left blank.',
+ })
+ identityTokenKey;
+
@attr('string', {
label: 'Plugin version',
subText:
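Review bot: `identityTokenKey` is a single `'string'` attribute capped with `selectLimit: 1`, but `fallbackComponent: 'string-list'` is a multi-entry editor, and the limit presumably applies only to the search-select path. If the fallback renders when the user cannot list `oidc/key`, they may be able to enter several values or submit a list-shaped value for a field that names the one key used to sign tokens. A single-value text input as the fallback, or validation that the attribute holds exactly one key name, would keep both paths consistent. The decorator block is complete in the hunk, but the class body continues outside it.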
diff --git a/ui/app/models/secret-engine.js b/ui/app/models/secret-engine.js
index 555918e97ea5..6873e7de82f1 100644
--- a/ui/app/models/secret-engine.js
+++ b/ui/app/models/secret-engine.js
@@ -202,6 +202,10 @@ export default class SecretEngineModel extends Model {
];
switch (this.engineType) {
+ case 'aws':
+ defaultFields = ['path', 'config.identityTokenKey'];
+ optionFields = [...CORE_OPTIONS, ...STANDARD_CONFIG];
+ break;
case 'kv':
defaultFields = ['path', 'maxVersions', 'casRequired', 'deleteVersionAfter'];
optionFields = [