Closed n2aws closed 4 years ago
n2aws
commented
6 years ago I've seen a couple PR's about authentication, and I believe this one PR will address the biggest issues in #244 as well as #145 by moving to the standard AWS credentialling system used by the java SDK, instead of having several workarounds.
acmcelwee
commented
6 years ago FWIW, I've deployed this to our ECS cluster, and it's working like a champ. I'd love to see this merged so we can go back to building our container from the mainline releases.
nfonrose
commented
6 years ago Great ! Can one of you provide a CloudFormation template (or another form of script) that would deploy Ice in ECS to help us validate this PR (and the other ones involving an ECS deployment of Ice) ?
Thanks
-- Nicolas Fonrose | Teevity | Founder +33.6.61.35.43.31 https://teevity.com - Cloud Costs Analytics built on NetflixOSS twitter - @nfonrose / @teevity
On Wed, Sep 13, 2017 at 7:16 PM, Adam McElwee notifications@github.com wrote:
FWIW, I've deployed this to our ECS cluster, and it's working like a champ. I'd love to see this merged so we can go back to building our container from the mainline releases.
— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/Teevity/ice/pull/263#issuecomment-329236492, or mute the thread https://github.com/notifications/unsubscribe-auth/AACUpb8iiyrrUe5Gl8j9zs4THZUkDVTVks5siA4FgaJpZM4OuxSB .
acmcelwee
commented
6 years ago @nfonrose happy to help. Can you give me an idea of your baseline so I know what you need to test this out?
If the answer is yes to both of those, I might be able to pull together a test harness for you create a new ECS service running the Ice container, but if your baseline isn't quite there, I think it's a bit more work that I have time for to get a fully working service up for you to validate.
nfonrose
commented
6 years ago Hi Adam, thanks for the help offer.
We're familiar with ECS but don't have an ECS cluster running as we don't use ECS to run the Ice instances for our SaaS service. But we can get one running fairly easily, so let's say I replied yes to both questions :-)
We don't really need a proper test harness. Just a "CloudFormation template" or "AWS CLI based script" that would deploy your version of Ice (that we have already merged into the ice integration branch) into a running ECS cluster. That way we can easily check that it's running fine.
n2aws
commented
4 years ago Any updates for this? Is teevity still supporting this project?
nfonrose
commented
4 years ago We've just merged the changes from the PR.
I've checked Jim Roth's fork (which is very active and very up-to-date on all core AWS Billing matters and also on the AWS SDK operations used), but it doesn't use the DefaultAWSCredentialsProviderChain class either. So telling you to check this work wasn't an option on this topic.
But it's generally a good idea to look at his fork because it's really active. And we'll try to get in touch with Jim to check if a (giant) PR from his repo to Teevity/ice is possible.
-- Nicolas Fonrose | Teevity | Founder +33.6.61.35.43.31 https://teevity.com - Cloud Costs Analytics for AWS, GCP and Azure powered by NetflixOSS Ice twitter - @nfonrose / @teevity
On Tue, Aug 27, 2019 at 10:56 PM Jeff Palmer notifications@github.com wrote:
Any updates for this? Is teevity still supporting this project?
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/Teevity/ice/pull/263?email_source=notifications&email_token=AAAJJJJYIDGC5YVVWOM6YS3QGWIJLA5CNFSM4DV3CSA2YY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOD5JC5VI#issuecomment-525479637, or mute the thread https://github.com/notifications/unsubscribe-auth/AAAJJJL2K5FHSM66AB2SBJDQGWIJLANCNFSM4DV3CSAQ .
This update changes the default auth mechanism to allow the SDK to use whatever crdentials are available if the key and token aren't provided in the config. This will allow ice to work in additional environments such as Amazon ECS, while still allowing the original enviornments to continue working as they had.
Assuming the credentials aren't provided in the config, they will be found and used in the following order (direct cut/paste from the Java SDK documentation):
AWS credentials provider chain that looks for credentials in this order: