Closed ereli-cb closed 5 years ago
@ereli-cb thanks for the PR. Please elaborate on how this is different from just picking up credential information from env variables. Also, it looks like the builds failed; please check for more info by following the links above. Thanks!
The build got fixed; it was just some PEP8 linter errors. As for reading keys from env variables, those aren't available in EC2 instances. Instead, AWS offers you a way to get them using an HTTP request to their secrets servers. You can do it manually using:
```bash
AWS_ROLE="$(curl 169.254.169.254/latest/meta-data/iam/security-credentials/)"
export AWS_ACCESS_KEY_ID="$(curl 169.254.169.254/latest/meta-data/iam/security-credentials/$AWS_ROLE|jq '.AccessKeyId' -cr)"
export AWS_SECRET_ACCESS_KEY="$(curl 169.254.169.254/latest/meta-data/iam/security-credentials/$AWS_ROLE|jq '.SecretAccessKey' -cr)"
export AWS_SECURITY_TOKEN="$(curl 169.254.169.254/latest/meta-data/iam/security-credentials/$AWS_ROLE|jq '.Token' -cr)"
```
Instead of using bash, curl and jq, this PR uses botocore, which is also aware of the token expiry time window.
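An added illustration of the expiry point made in the comment above (not code from this PR, awscurl or botocore): exported variables go stale when the role credentials rotate, while a small cache can read the `Expiration` field of the metadata document and refetch before it passes. The sample document, `REFRESH_WINDOW`, `parse_credentials` and `RoleCredentials` are assumptions made for this example, and the fetcher is injected so it runs without an instance.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample of the JSON document served at
# /latest/meta-data/iam/security-credentials/<role>; all values are fake.
SAMPLE = """{
  "Code": "Success",
  "Type": "AWS-HMAC",
  "AccessKeyId": "ASIAEXAMPLEEXAMPLE",
  "SecretAccessKey": "constructed-secret",
  "Token": "constructed-session-token",
  "Expiration": "2024-01-01T12:00:00Z"
}"""

REFRESH_WINDOW = timedelta(minutes=10)  # assumed safety margin before expiry


def parse_credentials(doc):
    """Validate the metadata response and return the fields a signer needs."""
    data = json.loads(doc)
    if data.get("Code") != "Success":
        raise ValueError("metadata service returned Code=%r" % data.get("Code"))
    expiry = datetime.strptime(data["Expiration"], "%Y-%m-%dT%H:%M:%SZ")
    return {
        "access_key": data["AccessKeyId"],
        "secret_key": data["SecretAccessKey"],
        "token": data["Token"],
        "expiry": expiry.replace(tzinfo=timezone.utc),
    }


class RoleCredentials:
    """Caches role credentials and refetches them inside the refresh window."""

    def __init__(self, fetch, now=lambda: datetime.now(timezone.utc)):
        self._fetch = fetch      # callable returning the JSON document
        self._now = now          # injectable clock, so expiry can be tested
        self._creds = None
        self.fetch_count = 0

    def get(self):
        stale = (self._creds is None
                 or self._creds["expiry"] - self._now() <= REFRESH_WINDOW)
        if stale:
            self._creds = parse_credentials(self._fetch())
            self.fetch_count += 1
        return self._creds
```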
@ereli-cb sorry did not have a chance to follow up on this, hopefully soon (caught a nasty flu)
resolved in https://github.com/okigan/awscurl/pull/63
Allows awscurl to work on aws ec2 instances using the instance's IAM role.