Closed carrascoacd closed 3 years ago
cc/ @vanetix
Thanks @carrascoacd I'll take a look at this tonight or tomorrow morning!
Good work, I really like this addition! I'll wait for the https://github.com/ex-aws/ex_aws/pull/747 to get merged up and I'll merge this in and bump a minor version.
Hi @vanetix - I've just published ex_aws 2.2.0 which has support for this change. Apologies for the delay.
No worries @bernardd I'll be pretty busy here for the near future but please let me know if there is anything I can do to help out on the core ex_aws work!
Thanks again @carrascoacd! I'll go ahead and merge this. I need to get with @koozdra to get another PR with a version bump / publish to hex.pm.
@vanetix if you need help with the bump version I can create the PR even updating the doc to reflect the new way.
That would be awesome, that would let me approve + merge. Sorry this slipped my mind.
Problem
In order to make ex_aws fully production-ready, we need to take into account the containerized applications that run, for example, over Kubernetes or Nomad. A typical configuration of secrets for this kind of application is by injection using environment variables. It is very common to restrict write permissions on the file system to avoid security problems also. The aforementioned facts enter in conflict with the design of the STS module which resides on a file system file in order to assume a role for example.
Proposed solution
Use the new way of fetching the credentials without coupling the retrieval to a file in the filesystem. Follow the upstream PR to understand the changes: https://github.com/ex-aws/ex_aws/pull/747