packer-community / packer-windows-plugins

A suite of Packer plugins for provisioning Windows machines

aws credentials on windows #45

Closed silarsis closed 9 years ago

silarsis commented 9 years ago

Wondering whether this should work or not. I'm using http://docs.aws.amazon.com/powershell/latest/userguide/specifying-your-aws-credentials.html to store my credentials, but the amazon-windows-ebs, when run in a PowerShell with those credentials loaded, doesn't find the credentials.

Is that expected behaviour, and/or is it worth supporting aws stored credentials in powershell?

silarsis commented 9 years ago

misunderstanding on my behalf, please ignore

mefellows commented 9 years ago

I was literally just reading through this/the docs - what was the misunderstanding?

silarsis commented 9 years ago

I'm passing aws credentials in as parameters in the packer aws.json file. I was assuming that having the variables set in my shell would translate to them being passed in automatically, but I think I was getting confused because I'd previously been doing the builds in a docker container that passed those env variables through as arguments to the build.

If I provide them on the command line, I believe it will all work as I'd expect. Even if this was an issue, I'm not sure it's an issue for this project...

mefellows commented 9 years ago

Ah no worries. You shouldn't need to pass them through explicitly but you can if it's easier. Packer (and our plugins) will automatically search the following locations:

silarsis commented 9 years ago

ahhh, so I sorta was on the right path. Is there any sense in having the windows plugin also check Get-AWSCredentials ?

mefellows commented 9 years ago

I'll take a look at how that Cmdlet stores the keys and see if we can slot that into the precedence hierarchy - we'll have to avoid any non-interoperable things so we can continue to use it across platform, so hopefully there won't be any need to shell out to Windows processes!

silarsis commented 9 years ago

Cool, thanks. For the record, in my PowerShell, the following works:

(get-awscredentials -profilename XXX).getcredentials()

That spits out the access key and secret key in a readable form.

mefellows commented 9 years ago

Have put a bit of thought into this. At SEEK we ended up creating a set of PoSH scripts that wrapped these Cmdlets and a custom ADFS integration, which then exposes the AWS env variables out to the shell (including the temporary session tokens). This is probably the way to go about it to avoid messy auth issues, as currently we delegate responsibility to the underlying Go AWS SDK rather cleanly.

So, long story short, good idea but I think we'll close this issue off ;)
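
A sketch of the wrapper approach described in the last comment, as an added example that is not part of the original thread or of the plugin's code: it reads a stored profile with the cmdlet quoted above and exposes the keys as environment variables only while the build runs. The function name `Invoke-PackerWithProfile` is hypothetical, and the template is assumed not to set the keys explicitly.

```powershell
# Added example (not from the thread). Invoke-PackerWithProfile is a
# hypothetical helper name; 'aws.json' is the template named in the thread.
function Invoke-PackerWithProfile {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory = $true)][string]$ProfileName,
        [string]$Template = 'aws.json'
    )

    # Cmdlet name as used in the thread; returns the stored profile's credentials.
    $stored = Get-AWSCredentials -ProfileName $ProfileName
    if ($null -eq $stored) {
        throw "No stored AWS credential profile named '$ProfileName'."
    }
    $creds = $stored.GetCredentials()

    # Environment variable names the Go AWS SDK reads.
    $names = 'AWS_ACCESS_KEY_ID', 'AWS_SECRET_ACCESS_KEY', 'AWS_SESSION_TOKEN'

    # Remember the caller's current values so the shell can be restored afterwards.
    $previous = @{}
    foreach ($n in $names) {
        $previous[$n] = (Get-Item "Env:$n" -ErrorAction SilentlyContinue).Value
    }

    try {
        $env:AWS_ACCESS_KEY_ID     = $creds.AccessKey
        $env:AWS_SECRET_ACCESS_KEY = $creds.SecretKey
        if ([string]::IsNullOrEmpty($creds.Token)) {
            # Long-lived keys: make sure a stale session token is not inherited.
            Remove-Item Env:AWS_SESSION_TOKEN -ErrorAction SilentlyContinue
        } else {
            $env:AWS_SESSION_TOKEN = $creds.Token
        }

        # Keys travel in the child's environment, not on the command line.
        & packer build $Template
        if ($LASTEXITCODE -ne 0) { throw "packer build exited with code $LASTEXITCODE" }
    }
    finally {
        # Restore or remove each variable so secrets do not linger in the session.
        foreach ($n in $names) {
            if ($null -eq $previous[$n]) {
                Remove-Item "Env:$n" -ErrorAction SilentlyContinue
            } else {
                Set-Item "Env:$n" -Value $previous[$n]
            }
        }
    }
}
```

Call it as `Invoke-PackerWithProfile -ProfileName XXX`; the `finally` block runs even when the build fails, so the keys are cleared from the session either way.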