tyrken
commented
6 years ago ... looks like you knew this already from #1043, but I didn't find it until now!
Closed tyrken closed 6 years ago
tyrken
commented
6 years ago ... looks like you knew this already from #1043, but I didn't find it until now!
If you use 'emp run' to get an interactive shell to an app with EMPIRE_X_TASK_ROLE_ARN set, you might expect to get the right AWS creds, especially after #1063.
Unfortunately, the fix wasn't working for us - I suspect as we didn't have the Patched ECS agent nor EMPIRE_ECS_ATTACHED_ENABLED mentioned at the bottom of http://empire.readthedocs.io/en/latest/configuration/#show-attached-runs-in-emp-ps. Hence our empire install uses the Docker Client direct run method & can't set a random ARN.
Maybe this could be worked around by a quick call to STS & passing in the key/secret-key/session-token environment variables, which would be good for an hour but need assume-role permissions...