Open pgrm opened 6 years ago
I will have to test this out with the new service assembly in v3, but I am not currently aware of what needs to be done for this to happen.
@MrSaints - not sure if this helps, but in the .Net version of the SDK, if no parameters have been provided, the SDK is trying out different ways to retrieve those credentials and eventually falls back it IAM. So in .Net I'd implement a check if the id and secret have been provided and pass them as parameters, otherwise let the aws client fall back to default values.
I'd guess that all their clients should work similarly, but I'm not sure about that.
@pgrm Oh, if that's the case, that's what v3, and the newest version of v2 does! 😄
See: https://github.com/arachnys/athenapdf/pull/97/files#diff-f6703b1f0e3c987ebae80ac0b97ff471R44
If that's the case, we should probably try it out, and close this issue.
seems like it's more difficult in GO - FYI - https://docs.aws.amazon.com/sdk-for-go/api/service/iam/
@pgrm Looks like that's for interacting with the IAM API. For the session itself: https://docs.aws.amazon.com/sdk-for-go/api/aws/session/, it seems like IAM roles are supported if static credentials are not provided.
Currently the way the AWS credentials are created doesn't work with IAM roles on AWS. I think the solution could be, to assume IAM roles should be used if no AWS_ID and AWS_SECRET were provided.
So instead of trying to create credentials with access key and secret as it's done here https://github.com/arachnys/athenapdf/blob/cdp/cmd/weaver/converter/upload_conversion.go#L31 a different method should be called (unfortunately I don't know which method this is)