Support container task role credentials in token provider

ex-aws / ex_aws

A flexible, easy to use set of clients AWS APIs for Elixir

https://hex.pm/packages/ex_aws

MIT License

1.26k stars 521 forks source link

Support container task role credentials in token provider #873

Closed leopoldogodines closed 2 years ago

leopoldogodines commented 2 years ago

Some AWS services built on top of ECS such as codebuild and fargate will provide AWS_CONTAINER_CREDENTIALS_RELATIVE_URI env variable, that should be used with a different host to access the task credentials token, but the new InstanceMetaTokenProvider was ignoring this. If that env variable is present, it will build the token URL using it instead.

Fixes #869

larrywax commented 2 years ago

Hello, can this PR be prioritised? Right now this issue is blocking not only customers on codebuild and fargate but every customer that use ECS and blocks instance metadata access from containers (as AWS suggests https://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-iam-roles.html#task-iam-role-considerations)

bernardd commented 2 years ago

Thanks very much @leopoldogodines!