googleapis / google-auth-library-python

Google Auth Python Library
https://googleapis.dev/python/google-auth/latest/
Apache License 2.0

feat: add AWS container credential provider #1556

Closed: mmalecki closed 2 weeks ago

mmalecki commented 1 month ago

The container credential provider is used on AWS ECS and AWS EKS. It presents a different API and integration surface than IMDS, and so custom code is required to make use of it.

Ref: https://docs.aws.amazon.com/sdkref/latest/guide/feature-container-credentials.html

Fixes #885. Fixes #1099.

One thing I wasn't sure about in this PR was reusing the url parameter, rendering it to have 2 different meanings. I'm happy to refactor it to a different name, but I'll leave that decision up to reviewers.

youcandanch commented 1 month ago

Can confirm we've tested with this and it works as expected. Thanks @mmalecki! Makes our lives way easier.

arithmetic1728 commented 1 month ago

@BigTailWolf please take a look, thanks!

youcandanch commented 3 weeks ago

@BigTailWolf if you've got some time, this would unblock those of us trying to use ECS with google-auth in a big way. Right now, we're basically locked into using service account keys, and being able to use identity federation would be a huge step in securing our applications better. Thanks in advance!

lsirac commented 3 weeks ago

Hey folks, we don't plan on directly supporting this right now and suggest using your own custom credential supplier.

youcandanch commented 2 weeks ago

@lsirac okay, thanks for the link, that seems pretty straightforward. I'll fully admit that's a little disappointing as it's something we'll have to incorporate in every repo we have that uses ECS, but I also totally understand y'all have to juggle your priorities.
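
The container-credential fetch that a custom supplier of the kind discussed in this thread would wrap, as an added example that is not code from this PR or from google-auth. The function names (`resolve_endpoint`, `fetch_credentials`) are hypothetical, and the plain-HTTP host allowlist is an assumption modelled on what the AWS SDKs accept for the container provider.

```python
import ipaddress
import json
import os
from urllib.parse import urlparse
from urllib.request import Request, urlopen

ECS_HOST = "169.254.170.2"  # ECS task credential endpoint (link-local)
ALLOWED_HTTP_HOSTS = {ECS_HOST, "169.254.170.23", "fd00:ec2::23"}  # ECS, EKS agents

def _is_loopback(host):
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # hostnames are not trusted over plain HTTP

def resolve_endpoint(env):
    """Return (url, headers) for the container credential endpoint."""
    relative = env.get("AWS_CONTAINER_CREDENTIALS_RELATIVE_URI")
    full = env.get("AWS_CONTAINER_CREDENTIALS_FULL_URI")
    if relative:
        url = f"http://{ECS_HOST}{relative}"
    elif full:
        parsed = urlparse(full)
        host = parsed.hostname or ""
        http_ok = host in ALLOWED_HTTP_HOSTS or _is_loopback(host)
        if parsed.scheme != "https" and not (parsed.scheme == "http" and http_ok):
            raise ValueError(f"untrusted credential endpoint: {full!r}")
        url = full
    else:
        raise ValueError("container credential URI not set")
    token = env.get("AWS_CONTAINER_AUTHORIZATION_TOKEN")
    token_file = env.get("AWS_CONTAINER_AUTHORIZATION_TOKEN_FILE")
    if token_file:  # the file wins over the inline token and may be rotated
        with open(token_file) as fh:
            token = fh.read().strip()
    return url, ({"Authorization": token} if token else {})

def _http_get(url, headers):
    with urlopen(Request(url, headers=headers), timeout=2) as resp:
        return resp.read().decode()

def fetch_credentials(env=os.environ, http_get=_http_get):
    """Fetch and validate the JSON credential document (http_get is injectable)."""
    url, headers = resolve_endpoint(env)
    doc = json.loads(http_get(url, headers))
    missing = {"AccessKeyId", "SecretAccessKey", "Token"} - doc.keys()
    if missing:
        raise ValueError(f"credential response lacks {sorted(missing)}")
    return {"access_key_id": doc["AccessKeyId"], "secret_access_key": doc["SecretAccessKey"],
            "session_token": doc["Token"], "expiration": doc.get("Expiration")}
```

The returned dictionary carries the three values a supplier has to hand back, plus `expiration` so the caller can refresh before the temporary credentials lapse.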