LFischerstrom
commented
4 years ago @captainsafia hi, would you be able to have a look and let me know how this looks?
Closed LFischerstrom closed 4 years ago
LFischerstrom
commented
4 years ago @captainsafia hi, would you be able to have a look and let me know how this looks?
captainsafia
commented
4 years ago @LFischerstrom Can you help me understand how this would be used?
LFischerstrom
commented
4 years ago @captainsafia Of course, this change enables multiple ways of authentication when using commuter with AWS and S3, I will list a few.
For the full list, see: https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/CredentialProviderChain.html#defaultProviders-property
Through EnvironmentCredentials you can authenticate in the same way as it currently supported by commuter.
The change will be to use the standard environmental variables (AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_SESSION_TOKEN) instead of the custom ones for commuter (COMMUTER_S3_KEY, COMMUTER_S3_SECRET).
Additionally there will be support for authenticating using a session token through AWS_SESSION_TOKEN which is required when authenticating through a role or using MFA.
Our primary use-case is that we have multiple AWS profiles that we use when authenticating towards AWS with.
With the change we can run:
$ AWS_PROFILE=some-profile COMMUTER_STORAGE_BACKEND=s3 COMMUTER_BUCKET=s3://some/bucket commuterwhich references ~/.aws/credentials:
[some-profile]
aws_access_key_id=...
aws_secret_access_key=...
[some-other-profile]
aws_access_key_id=...
aws_secret_access_key=...For this case, the change is that before only the default profile was supported, now you can specify which profile you want to use using the environment variable AWS_PROFILE.
(This way of authentication uses SharedIniFileCredentials)
When deploying commuter on ECS you could make use of the built in authentication using IAM Roles for Tasks through ECSCredentials
captainsafia
commented
4 years ago @LFischerstrom Got it! Thanks for clarifying. Can you update the docs with this info?
LFischerstrom
commented
4 years ago @captainsafia updated documentation, I covered what I think is the most common use-cases and added a link for more info if needed.
LFischerstrom
commented
4 years ago @captainsafia thanks, is it possible to release this change as well?
captainsafia
commented
4 years ago Published in @nteract/commuter@5.11.0. Let me know how it looks!
LFischerstrom
commented
4 years ago Works good, thanks!
CredentialProviderChain[1] provides a number of different options on how to configure AWS credentials.Changes:
COMMUTER_S3_KEYandCOMMUTER_S3_SECRETis not setCOMMUTER_S3_KEYandCOMMUTER_S3_SECRETas deprecated in favour ofAWS_ACCESS_KEY_IDandAWS_SECRET_ACCESS_KEYTODO:
[1] https://docs.aws.amazon.com/AWSJavaScriptSDK/latest/AWS/CredentialProviderChain.html