AdRoll / hologram

Easy, painless AWS credentials on developer laptops.
Apache License 2.0

Add an IP allow list for the dockers #105

Closed odarbelaeze closed 3 years ago

odarbelaeze commented 3 years ago

This IP allow list fixes this error when using the service from within Linux Docker.

Before

~
❯ docker run --rm -it --entrypoint '' amazon/aws-cli curl -s http://169.254.169.254/latest/meta-data/iam/security-credentials/hologram-access
Access denied from non-localhost address: 172.17.0.2
~
❯ curl -s http://169.254.169.254/latest/meta-data/iam/security-credentials/hologram-access
{"Code":"Success","LastUpdated":"2020-12-16T22:51:44Z","Type":"AWS-HMAC","AccessKeyId":"[REDACTED]","SecretAccessKey":"[REDACTED]","Token":"[REDACTED]","Expiration":"2020-12-17T02:50:03Z"}%
~
❯ docker run --rm -it --entrypoint '' amazon/aws-cli curl -s http://169.254.169.254/latest/meta-data/iam/security-credentials/hologram-access
{"Code":"Success","LastUpdated":"2020-12-16T22:51:50Z","Type":"AWS-HMAC","AccessKeyId":"[REDACTED]","SecretAccessKey":"[REDACTED]","Token":"[REDACTED]","Expiration":"2020-12-17T02:50:03Z"}%

To test with extra allowed IPs (the gateway Docker uses in Linux) use the following configuration:

{
  "host": "the.usual.url",
  "extraAllowedIps": ["172.17.0.2"]
}
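
A sketch of the kind of check this configuration implies, added here as an illustration; it is not hologram's code and not part of the pull request. Loopback peers and the exact addresses listed in `extraAllowedIps` are accepted, judged by the TCP peer address; the names `allowList`, `newAllowList`, `allowed` and `guard` are hypothetical and the peer addresses in `main` are constructed.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
)

// allowList (hypothetical) holds the exact addresses from "extraAllowedIps".
type allowList map[string]bool

func newAllowList(extraAllowedIps []string) (allowList, error) {
	al := allowList{}
	for _, s := range extraAllowedIps {
		ip := net.ParseIP(s)
		if ip == nil { // CIDR ranges and hostnames are rejected, not guessed at
			return nil, fmt.Errorf("extraAllowedIps: %q is not an IP address", s)
		}
		al[ip.String()] = true // canonical form, so ::ffff:a.b.c.d == a.b.c.d
	}
	return al, nil
}

// allowed decides on the TCP peer (http.Request.RemoteAddr), never on headers.
func (al allowList) allowed(remoteAddr string) (net.IP, bool) {
	host, _, _ := net.SplitHostPort(remoteAddr) // host is "" on error
	ip := net.ParseIP(host)
	if ip == nil {
		return nil, false
	}
	return ip, ip.IsLoopback() || al[ip.String()]
}

func (al allowList) guard(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if ip, ok := al.allowed(r.RemoteAddr); !ok { // reject every other peer
			http.Error(w, fmt.Sprintf("Access denied from non-localhost address: %s", ip), http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

func main() {
	al, _ := newAllowList([]string{"172.17.0.2"}) // value from the configuration above
	for _, peer := range []string{"127.0.0.1:5000", "172.17.0.2:5000", "172.17.0.3:5000"} {
		fmt.Println(al.allowed(peer)) // constructed peers: allowed, allowed, denied
	}
}
```

Every process that can connect from an allowed address receives the same credentials, so each entry widens who can read them.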

CLAassistant commented 3 years ago

CLA assistant check
All committers have signed the CLA.