Closed by terrazoon 1 month ago
This was feedback from Ryan for this review: https://github.com/GSA/ttsnotify-brokerpak-sms/pull/4
It didn't fit into scope for sprint Ibis.
If I attempt to modify my terraform as recommended by Ryan (adding a caller identity and output), I get the following error message. I have seen this error message before when I tried to add a LifecycleConfiguration to the csv bucket.
It seems like somewhere at the boundary between regular AWS and cloud.gov, this problem with GetMetadata is preventing the ability to make some modifications. If it were a permissions issue, maybe we could add GetMetadata in the brokerpak, but this "host is down" message makes it look like it's something else.
```
╷
│ Error: configuring Terraform AWS Provider: no valid credential sources for Terraform AWS Provider found.
│
│ Please see https://registry.terraform.io/providers/hashicorp/aws
│ for more information about providing credentials.
│
│ AWS Error: failed to refresh cached credentials, no EC2 IMDS role found, operation error ec2imds: GetMetadata, exceeded maximum number of attempts, 3, request send failed, Get "http://169.254.169.254/latest/meta-data/iam/security-credentials/": dial tcp 169.254.169.254:80: connect: host is down
```
The story requires terraform changes so I'm blocked.
Moving into the backlog for later resolution.
I think this should be closed as "will not do". We've been running with our current solution for a year now.
An idea for an enhancement to address the Python side:
You should be able to use caller identity to add the AWS account ID into bind/outputs.tf
The values in outputs.tf get added to the bound service's credentials JSON, so you can parse and use them from within app/cloudfoundry_config.py
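The Python side of this idea, as an added example that is not code from the repository or from anyone in this thread: it reads an account ID out of the bound service's credentials in `VCAP_SERVICES` and rejects a malformed value. The output name `aws_account_id`, the service label and the instance names are assumptions; the Terraform in the comment is the standard `aws_caller_identity` data source.

```python
import json
import re

# Assumed Terraform side in bind/outputs.tf (output name is hypothetical):
#   data "aws_caller_identity" "current" {}
#   output "aws_account_id" {
#     value = data.aws_caller_identity.current.account_id
#   }

ACCOUNT_ID_RE = re.compile(r"\d{12}")  # AWS account IDs are 12 digits


def binding_credentials(vcap_services_json, instance_name):
    """Return the credentials dict for the named bound instance, or None."""
    services = json.loads(vcap_services_json or "{}")
    for bindings in services.values():
        for binding in bindings:
            if binding.get("name") == instance_name:
                return binding.get("credentials") or {}
    return None


def aws_account_id(vcap_services_json, instance_name, key="aws_account_id"):
    """Return the account ID from the binding, or None if it is not there.

    A present but malformed value raises ValueError so that it never ends
    up interpolated into an ARN.
    """
    creds = binding_credentials(vcap_services_json, instance_name)
    if not creds or key not in creds:
        return None
    value = str(creds[key])
    if not ACCOUNT_ID_RE.fullmatch(value):
        raise ValueError(f"{key} in binding {instance_name!r} is not a 12-digit account ID")
    return value


# Constructed sample of VCAP_SERVICES; label, names and values are made up.
SAMPLE_VCAP = json.dumps({
    "example-sms-broker": [
        {"name": "notify-sms", "credentials": {"region": "us-west-2", "aws_account_id": "123456789012"}},
        {"name": "old-sms", "credentials": {"region": "us-west-2"}},
    ]
})

if __name__ == "__main__":
    print(aws_account_id(SAMPLE_VCAP, "notify-sms"))  # in the app: os.environ.get("VCAP_SERVICES")
```

Returning `None` for a binding without the key keeps instances that were bound before the output existed working until they are rebound.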