kaliber-scala / play-s3

S3 module for Play
MIT License

Does S3Signer support IAM roles? #4

Closed q42jaap closed 11 years ago

q42jaap commented 11 years ago

Hey,

For my local test machine I'm using an IAM user with accessKey and SecretKey, but on EC2 we're using IAM roles. Does the S3 object, or the S3Signer, support IAM roles?

EECOLOR commented 11 years ago

Couldn't you just make a WS call to http://169.254.169.254/latest/meta-data/iam/security-credentials/$role and parse the result into an instance of AwsCredentials?

The response looks like this:

{
  "Code" : "Success",
  "LastUpdated" : "2012-04-26T16:39:16Z",
  "Type" : "AWS-HMAC",
  "AccessKeyId" : "AKIAIOSFODNN7EXAMPLE",
  "SecretAccessKey" : "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
  "Token" : "token",
  "Expiration" : "2012-04-27T22:39:16Z"
}

The AwsCredentials trait (and a straightforward implementation) looks like this:

trait AwsCredentials {
  def accessKeyId: String
  def secretKey: String
  def sessionToken: Option[String]
  def expiration: Option[Date]
}

case class SimpleAwsCredentials(accessKeyId: String, secretKey: String, sessionToken: Option[String] = None, expiration: Option[Date] = None) extends AwsCredentials

More information here: http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html

q42jaap commented 11 years ago

That sounds easy enough, shouldn't be that difficult to parse, thanks!

EECOLOR commented 11 years ago

If you have a working implementation would you be willing to put it into a Gist and post a link here?

That could help other people in the future and I might (if I find the time) include a version in one of the libraries.

mellster2012 commented 9 years ago

For the example above, something along those lines (assuming play2 support): https://gist.github.com/mellster2012/b4eea2ba0f3d33126d0e
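
The parsing step EECOLOR describes, as an added example that is not part of the thread, the linked gist or play-s3 itself: it turns the metadata response body into a `SimpleAwsCredentials`, rejects incomplete responses, and checks whether the temporary credentials are close to expiry. It assumes Scala 2.12+ with play-json on the classpath; `RoleCredentials`, `parse`, `needsRefresh` and the five-minute margin are hypothetical names and values, and the sample body is the one quoted in the thread.

```scala
import java.time.Instant
import java.util.Date
import play.api.libs.json.Json
import scala.util.Try

// Same shape as the trait quoted in the thread, repeated so this compiles alone.
trait AwsCredentials {
  def accessKeyId: String
  def secretKey: String
  def sessionToken: Option[String]
  def expiration: Option[Date]
}
case class SimpleAwsCredentials(accessKeyId: String, secretKey: String,
  sessionToken: Option[String] = None, expiration: Option[Date] = None) extends AwsCredentials

object RoleCredentials {
  // Hypothetical helper. Role credentials are temporary and only valid together
  // with their session token, so a missing Token or Expiration is an error.
  def parse(body: String): Either[String, AwsCredentials] =
    for {
      json <- Try(Json.parse(body)).toOption.toRight("body is not JSON")
      _    <- (json \ "Code").asOpt[String].filter(_ == "Success").toRight("Code is not Success")
      id   <- (json \ "AccessKeyId").asOpt[String].toRight("missing AccessKeyId")
      key  <- (json \ "SecretAccessKey").asOpt[String].toRight("missing SecretAccessKey")
      tok  <- (json \ "Token").asOpt[String].toRight("missing Token")
      exp  <- (json \ "Expiration").asOpt[String]
                .flatMap(s => Try(Date.from(Instant.parse(s))).toOption)
                .toRight("missing or malformed Expiration")
    } yield SimpleAwsCredentials(id, key, Some(tok), Some(exp))

  // True when the credentials expire within `marginSeconds` of `now`, so the
  // caller should fetch a fresh set before signing another request.
  def needsRefresh(c: AwsCredentials, now: Instant, marginSeconds: Long = 300): Boolean =
    c.expiration.exists(e => !e.toInstant.isAfter(now.plusSeconds(marginSeconds)))
}

object Demo extends App {
  // Constructed sample input: the response body shown in the thread.
  val sample = """{"Code":"Success","LastUpdated":"2012-04-26T16:39:16Z","Type":"AWS-HMAC",
    "AccessKeyId":"AKIAIOSFODNN7EXAMPLE","SecretAccessKey":"wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY",
    "Token":"token","Expiration":"2012-04-27T22:39:16Z"}"""
  RoleCredentials.parse(sample) match {
    case Right(c) => // print only non-secret fields
      println(s"key=${c.accessKeyId} expires=${c.expiration.map(_.toInstant)}")
      println(RoleCredentials.needsRefresh(c, Instant.parse("2012-04-27T22:36:00Z")))
    case Left(err) => println(s"rejected: $err")
  }
}
```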