envato / ami-spec

Acceptance testing your AMIs
MIT License

Assume Role is not supported #28

Closed jerger closed 8 years ago

jerger commented 8 years ago

As I understand your documentation, the only way to test specs is to provide Amazon's key & key secret. This means Amazon's assume role feature is not supported yet?

BR, jerger

patrobinson commented 8 years ago

Assume role is definitely supported and working!

myoung34 commented 8 years ago

Definitely works.

@jerger how would you run tests against an instance using a secret key? This ssh's into it using the --key-name and --key-file params.

I don't see any references to secret keys

patrobinson commented 8 years ago

Sorry, I don't know where my brain was at, instance profiles are supported. Assuming a role is best done before you call ami-spec like so:

```
aws sts assume-role --role-arn ...
ami-spec ...
```

jerger commented 8 years ago

Okay. So let me rephrase my question:

1.) assume-role will work for creating a test-instance from ami?
2.) the parameters --key-name and --key-file have to point to a key residing in aws?
3.) the --ssh-user @ test-instance will get the --key-file injected - so server-spec tests can be executed with the given ssh-credentials?

My AMI already contains the needed credentials - so steps 2. - 3. are not necessary for me ...

patrobinson commented 8 years ago

Hi Jerger,

> 1.) assume-role will work for creating a test-instance from ami?

Yes, as listed above

> 2.) the parameters --key-name and --key-file has to point to a key residing in aws?

Key name refers to an existing AWS SSH key, the key-file just needs to point to any private key that the instance will allow you to login with.

> 3.) the --ssh-user @ test-instance will get the --key-file injected - so server-spec tests can be executed

AWS injects the key-name at bootup; the key-file and ssh-user don't have to map to the key-name, they could be different keys.

You could always just set --key-name to an existing key, but then ignore it and point --key-file at your existing SSH key. Unfortunately at the moment --key-name is a required parameter, although that's not strictly necessary as you can launch instances with no SSH key injected at boot.

jerger commented 8 years ago

Great - thanx for clarifying :)
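
The "assume the role before you call ami-spec" step from patrobinson's comment, spelled out as an added example that is not part of the thread or of the ami-spec project. The function names and the session name `ami-spec-test` are hypothetical, and it assumes ami-spec picks up the standard `AWS_*` environment variables.

```sh
#!/bin/sh
# Added example: assume a role, then run a command such as ami-spec with the
# temporary credentials in its environment only.

# Parse the one tab-separated line printed by `aws sts assume-role` when called
# with --query 'Credentials.[AccessKeyId,SecretAccessKey,SessionToken]'
# --output text, and export the variables the AWS SDKs read.
export_role_credentials() {
  _tab=$(printf '\t')
  IFS=$_tab read -r _key _secret _token <<EOF
$1
EOF
  # Fail closed: export nothing unless all three values are present.
  if [ -z "$_key" ] || [ -z "$_secret" ] || [ -z "$_token" ]; then
    unset _key _secret _token
    echo "assume-role returned incomplete credentials" >&2
    return 1
  fi
  export AWS_ACCESS_KEY_ID="$_key" AWS_SECRET_ACCESS_KEY="$_secret" \
         AWS_SESSION_TOKEN="$_token"
  unset _key _secret _token
}

# run_with_role ROLE_ARN COMMAND [ARGS...]
# The function body is a subshell, so the temporary credentials never reach
# the caller's shell and disappear when COMMAND exits.
run_with_role() (
  role_arn=$1
  shift
  creds=$(aws sts assume-role --role-arn "$role_arn" \
    --role-session-name ami-spec-test \
    --query 'Credentials.[AccessKeyId,SecretAccessKey,SessionToken]' \
    --output text) || exit 1
  export_role_credentials "$creds" || exit 1
  "$@"
)

# Constructed sample line (fake values) in the format described above.
SAMPLE_LINE=$(printf 'ASIAEXAMPLE\tconstructed-secret\tconstructed-token')
( export_role_credentials "$SAMPLE_LINE" && echo "exported key id: $AWS_ACCESS_KEY_ID" )

# Real use (arguments elided as in the thread):
#   run_with_role "$ROLE_ARN" ami-spec ...
```
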