loft-sh / devpod-provider-aws

DevPod on AWS
Mozilla Public License 2.0

Question: Connecting to AWS Services during development #17

Closed larse514 closed 1 year ago

larse514 commented 1 year ago

I am evaluating devpods, and specifically the aws provider, for my company and I'm still trying to wrap my head around some of the functionality and intended use.

Part of our existing developer workflows is to run things like e2e tests locally. These tests will often require permissions to do things like write to an S3 bucket, publish messages to SQS, etc.

Is this functionality supported by the aws provider? As in, if we run our application within the devpod contained IDE, will the AWS SDK have access to the EC2 instance metadata service within the container?

ThomasK33 commented 1 year ago

Hey @larse514 👋

> Is this functionality supported by the aws provider?

Yes, it is supported, but it depends on how one sets it up.

> As in, if we run our application within the devpod contained IDE, will the AWS SDK have access to the EC2 instance metadata service within the container?

The devpod AWS provider supports setting an AWS_INSTANCE_PROFILE_ARN variable, applying a pre-existing instance profile to the EC2 instance, which in turn can grant further IAM policies to the instance so that credentials obtained using IMDSv2 (or IMDSv1) can have access to further services.

Alternatively, one might install the AWS CLI + AWS SSO in the dev container and perform an SSO-based login with temporary credentials obtained.

Furthermore, one might "just" configure the AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, and any further necessary environment variables when working from within the dev container. (At runtime, so to speak)
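Added example (not part of the thread and not code from the devpod project): a standard-library Python check, run inside the dev container, that reports whether an instance profile role is reachable over IMDSv2 and whether environment-variable keys would take precedence over it. The function names and report keys are assumptions of this example.

```python
import json
import os
import urllib.request

IMDS = "http://169.254.169.254"  # EC2 instance metadata service (link-local)
ROLE_PATH = "/latest/meta-data/iam/security-credentials/"


def http(method, path, headers, timeout=2):
    """Real IMDS transport: (status, body), or (None, reason) if unreachable."""
    req = urllib.request.Request(IMDS + path, method=method, headers=headers)
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read().decode()
    except OSError as exc:  # HTTPError carries .code; timeouts/no route do not
        return getattr(exc, "code", None), str(exc)


def instance_profile_role(fetch=http):
    """Return (role, expiration) via IMDSv2, or (None, reason). Never returns keys."""
    status, token = fetch("PUT", "/latest/api/token",
                          {"X-aws-ec2-metadata-token-ttl-seconds": "60"})
    if status != 200:
        return None, f"no IMDSv2 token (status={status})"
    auth = {"X-aws-ec2-metadata-token": token}
    status, roles = fetch("GET", ROLE_PATH, auth)
    if status != 200 or not roles.strip():
        return None, "no instance profile attached"
    role = roles.split()[0]
    status, doc = fetch("GET", ROLE_PATH + role, auth)
    if status != 200:
        return None, f"role {role} listed but credentials unavailable"
    return role, json.loads(doc).get("Expiration")


def credential_report(env=os.environ, fetch=http):
    """Which source applies; env keys precede IMDS in the SDK default chain."""
    role, detail = instance_profile_role(fetch)
    static = bool(env.get("AWS_ACCESS_KEY_ID") and env.get("AWS_SECRET_ACCESS_KEY"))
    return {
        "instance_role": role,
        "imds_detail": detail,
        "env_keys_set": static,
        "env_keys_long_lived": static and not env.get("AWS_SESSION_TOKEN"),
        "env_shadows_role": static and role is not None,
    }


if __name__ == "__main__":
    print(json.dumps(credential_report(), indent=2))
```

A token request that times out inside the container but succeeds on the EC2 host typically points to the instance's IMDSv2 response hop limit being 1, which does not leave room for the extra network hop a bridged container adds.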

larse514 commented 1 year ago

Thank you, this helps clear things up!