acmesh-official / acme.sh

A pure Unix shell script implementing ACME client protocol
https://acme.sh
GNU General Public License v3.0

AWS IAM Roles support #2575

Open jmpsf opened 4 years ago

jmpsf commented 4 years ago

Hi,

IAM Roles support has been discussed in https://github.com/Neilpang/acme.sh/issues/453 and https://github.com/Neilpang/acme.sh/pull/512

Though there is still no solution to use the awscli credentials fetched automatically from the instance metadata.

A possible solution would be to integrate what has been said in the 453 issue inside acme.sh:

```sh
# Base URL of the EC2 instance metadata credentials endpoint
IMDS=http://169.254.169.254/latest/meta-data/iam/security-credentials
# Name of the IAM role attached to this instance
ROLE=$(curl -s "$IMDS/")
# Keep the temporary credentials in a variable, not in a file under /tmp
KEYS=$(curl -s "$IMDS/$ROLE")
export AWS_ACCESS_KEY_ID=$(printf '%s' "$KEYS" | jq -j '.AccessKeyId')
export AWS_SECRET_ACCESS_KEY=$(printf '%s' "$KEYS" | jq -j '.SecretAccessKey')
export AWS_SESSION_TOKEN=$(printf '%s' "$KEYS" | jq -j '.Token')
```

magnetik commented 2 years ago

From what I see in the code: https://github.com/acmesh-official/acme.sh/blob/c8c1c09189cac5da52424a36eb0846f4da385fa6/dnsapi/dns_aws.sh#L211-L213

It seems that it's supported
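
The metadata lookup discussed in this thread, as an added example that is not part of the thread or of acme.sh's own code: it swaps in the IMDSv2 session-token request, parses the credentials document without jq, and refuses a document whose `Code` is not `Success`. The function names and the sample document are constructed for illustration.

```shell
#!/bin/sh
# Added example (not acme.sh code). Function names are hypothetical.
IMDS=http://169.254.169.254/latest

# Print the string value of key $2 from the flat JSON document in $1.
# Prints nothing when the key is absent.
json_field() {
  printf '%s' "$1" | tr -d '\n' |
    sed -n "s/.*\"$2\"[[:space:]]*:[[:space:]]*\"\([^\"]*\)\".*/\1/p"
}

# Export AWS_* variables from the credentials document in $1.
# Returns 1 unless Code is "Success" and all three values are present.
load_role_credentials() {
  [ "$(json_field "$1" Code)" = "Success" ] || return 1
  AWS_ACCESS_KEY_ID=$(json_field "$1" AccessKeyId)
  AWS_SECRET_ACCESS_KEY=$(json_field "$1" SecretAccessKey)
  AWS_SESSION_TOKEN=$(json_field "$1" Token)
  [ -n "$AWS_ACCESS_KEY_ID" ] && [ -n "$AWS_SECRET_ACCESS_KEY" ] &&
    [ -n "$AWS_SESSION_TOKEN" ] || return 1
  export AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN
}

# Fetch the role's credentials document over IMDSv2: request a short-lived
# session token first, then present it on every metadata read.
# Nothing is written to disk. Only meaningful on an EC2 instance.
fetch_role_credentials() {
  token=$(curl -sf -m 2 -X PUT \
    -H "X-aws-ec2-metadata-token-ttl-seconds: 60" "$IMDS/api/token") || return 1
  role=$(curl -sf -m 2 -H "X-aws-ec2-metadata-token: $token" \
    "$IMDS/meta-data/iam/security-credentials/") || return 1
  curl -sf -m 2 -H "X-aws-ec2-metadata-token: $token" \
    "$IMDS/meta-data/iam/security-credentials/$role"
}

# Constructed sample document in the shape the endpoint returns.
SAMPLE_CREDS='{
  "Code" : "Success",
  "Type" : "AWS-HMAC",
  "AccessKeyId" : "ASIAEXAMPLEKEYID0000",
  "SecretAccessKey" : "constructed/secret+value",
  "Token" : "constructed/session+token==",
  "Expiration" : "2030-01-01T00:00:00Z"
}'

# Offline demonstration on the constructed sample. On an instance, use:
#   load_role_credentials "$(fetch_role_credentials)"
load_role_credentials "$SAMPLE_CREDS" && echo "loaded $AWS_ACCESS_KEY_ID"
```
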