okigan / awscurl

curl-like access to AWS resources with AWS Signature Version 4 request signing.
MIT License

Add AWS instance support #54

Closed ereli-cb closed 5 years ago

ereli-cb commented 5 years ago

Allows awscurl to work on AWS EC2 instances using the instance's IAM role.

okigan commented 5 years ago

@ereli-cb thanks for the PR. Please elaborate on how this is different from just picking up credential information from env variables. Also, it looks like the builds failed; please check for more info by following the links above. Thanks!

ereli-cb commented 5 years ago

The build got fixed; it was just some PEP8 linter errors. As for reading keys from env variables, those aren't available in EC2 instances. Instead, AWS offers you a way to get them using an HTTP request to their secrets servers. You can do it manually using:

AWS_ROLE="$(curl 169.254.169.254/latest/meta-data/iam/security-credentials/)"
export AWS_ACCESS_KEY_ID="$(curl 169.254.169.254/latest/meta-data/iam/security-credentials/$AWS_ROLE|jq '.AccessKeyId' -cr)"
export AWS_SECRET_ACCESS_KEY="$(curl 169.254.169.254/latest/meta-data/iam/security-credentials/$AWS_ROLE|jq '.SecretAccessKey' -cr)"
export AWS_SECURITY_TOKEN="$(curl 169.254.169.254/latest/meta-data/iam/security-credentials/$AWS_ROLE|jq '.Token' -cr)"

Instead of using bash, curl and jq, this PR uses botocore, which is also aware of the token expiry time window.
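
The shell commands in the comment above read three fields of the role's credential document and never look at its Expiration field. As an added example (not part of this thread, of awscurl, or of botocore), the Python below parses one constructed response once, validates it, and decides when the credentials should be refetched; `parse_credentials`, `needs_refresh` and the 15-minute window are names and values assumed for illustration.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample of the JSON document served at
# /latest/meta-data/iam/security-credentials/<role>; every value is fake.
SAMPLE_DOC = json.dumps({
    "Code": "Success",
    "LastUpdated": "2020-01-01T12:00:00Z",
    "Type": "AWS-HMAC",
    "AccessKeyId": "ASIAEXAMPLEEXAMPLE00",
    "SecretAccessKey": "constructed-secret-not-a-real-key",
    "Token": "constructed-session-token",
    "Expiration": "2020-01-01T18:00:00Z",
})

# Assumption: refetch this long before expiry; the value is illustrative.
REFRESH_WINDOW = timedelta(minutes=15)


def parse_credentials(doc):
    """Validate one metadata response and return (env_vars, expiration)."""
    data = json.loads(doc)
    if data.get("Code") != "Success":
        raise ValueError("metadata service returned Code=%r" % data.get("Code"))
    required = ("AccessKeyId", "SecretAccessKey", "Token", "Expiration")
    missing = [k for k in required if not data.get(k)]
    if missing:
        raise ValueError("credential document lacks: " + ", ".join(missing))
    expiration = datetime.strptime(
        data["Expiration"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    # Same variable names as the shell commands in the comment above.
    env = {
        "AWS_ACCESS_KEY_ID": data["AccessKeyId"],
        "AWS_SECRET_ACCESS_KEY": data["SecretAccessKey"],
        "AWS_SECURITY_TOKEN": data["Token"],
    }
    return env, expiration


def needs_refresh(expiration, now, window=REFRESH_WINDOW):
    """True once `now` is inside the refresh window or past expiry."""
    return now >= expiration - window


if __name__ == "__main__":
    env, exp = parse_credentials(SAMPLE_DOC)
    print(sorted(env), exp.isoformat(),
          needs_refresh(exp, datetime.now(timezone.utc)))
```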

okigan commented 5 years ago

@ereli-cb sorry did not have a chance to follow up on this, hopefully soon (caught a nasty flu)

okigan commented 5 years ago

resolved in https://github.com/okigan/awscurl/pull/63