Closed jerger closed 8 years ago
Assume role is definitely supported and working!
Definitely works.
@jerger how would you run tests against an instance using secret key? This ssh's into it using the --key-name
and --key-file
params.
I don't see any references to secret keys
Sorry, I don't know where my brain was at, instance profiles are supported. Assuming a role is best done before you call ami-spec
like so:
aws sts assume-role --role-arn ...
ami-spec ...
Okay. So let me rephrase my question: 1.) assume-role will work for creating a test-instance from ami? 2.) the parameters --key-name and --key-file has to point to a key residing in aws? 3.) the --ssh-user @ test-instance will get the --key-file injected - so server-spec tests can be executed the given ssh-credentials ?
My ami allready contains needed credentials - so step 2. - 3. is not necessary to me ...
HI Jerger,
1.) assume-role will work for creating a test-instance from ami?
Yes, as listed above
2.) the parameters --key-name and --key-file has to point to a key residing in aws?
Key name refers to an existing AWS SSH key, the key-file just needs to point to any private key that the instance will allow you to login with.
3.) the --ssh-user @ test-instance will get the --key-file injected - so server-spec tests can be executed
AWS injects the key-name
at bootup, the key-file and ssh-user doesn't have to map to the key-name, they could be different keys.
You could always just set --key-name
to an existing key, but then ignore it and point --key-file
at your existing SSH key. Unfortunately at the moment --key-name
is a required parameter, although that's not strictly necessary as you can launch instances with no SSH key injected at boot.
Great - thanx for clarifying :)
As I understand your docu, the only way to test specs is to provide amazons key & key secret. This means, amazons assume role feature is not supported yet?
BR, jerger