hjacobs
commented
9 years ago Proof from my recently deployed etcd-cluster:
ct 29 16:25:08 ip-172-31-130-108 docker/b598b857819a[860]: DEBUG 2015-10-29 16:25:08,933 - "GET /latest/dynamic/instance-identity/document HTTP/1.1" 200 424
Oct 29 16:25:08 ip-172-31-130-108 docker/b598b857819a[860]: DEBUG 2015-10-29 16:25:08,935 - Retrieving credentials from metadata server.
Oct 29 16:25:08 ip-172-31-130-108 docker/b598b857819a[860]: DEBUG 2015-10-29 16:25:08,941 - Retrieved credentials will expire in 6:20:03.058662 at: 2015-10-29T22:45:12Z
Oct 29 16:25:08 ip-172-31-130-108 docker/b598b857819a[860]: DEBUG 2015-10-29 16:25:08,941 - Method: POST
Oct 29 16:25:08 ip-172-31-130-108 docker/b598b857819a[860]: DEBUG 2015-10-29 16:25:08,941 - Path: /
Oct 29 16:25:08 ip-172-31-130-108 docker/b598b857819a[860]: DEBUG 2015-10-29 16:25:08,942 - Data:
Oct 29 16:25:08 ip-172-31-130-108 docker/b598b857819a[860]: DEBUG 2015-10-29 16:25:08,942 - Headers: {}
Oct 29 16:25:08 ip-172-31-130-108 docker/b598b857819a[860]: DEBUG 2015-10-29 16:25:08,942 - Host: ec2.eu-west-1.amazonaws.com
Oct 29 16:25:08 ip-172-31-130-108 docker/b598b857819a[860]: DEBUG 2015-10-29 16:25:08,942 - Port: 443
Oct 29 16:25:08 ip-172-31-130-108 docker/b598b857819a[860]: DEBUG 2015-10-29 16:25:08,942 - Params: {'Filter.1.Name': 'instance-id', 'Filter.1.Value.1': 'i-e06a8c59', 'Version': '2014-10-01', 'Action': 'DescribeInstances'}
Oct 29 16:25:08 ip-172-31-130-108 docker/b598b857819a[860]: DEBUG 2015-10-29 16:25:08,942 - establishing HTTPS connection: host=ec2.eu-west-1.amazonaws.com, kwargs={'port': 443, 'timeout': 70}
Oct 29 16:25:08 ip-172-31-130-108 docker/b598b857819a[860]: DEBUG 2015-10-29 16:25:08,943 - Token: LONG-STRING-HERE
Oct 29 16:25:08 ip-172-31-130-108 docker/b598b857819a[860]: DEBUG 2015-10-29 16:25:08,943 - CanonicalRequest:
Oct 29 16:25:08 ip-172-31-130-108 docker/b598b857819a[860]: POST
Oct 29 16:25:08 ip-172-31-130-108 docker/b598b857819a[860]: /
Oct 29 16:25:08 ip-172-31-130-108 docker/b598b857819a[860]:
Oct 29 16:25:08 ip-172-31-130-108 docker/b598b857819a[860]: host:ec2.eu-west-1.amazonaws.com
Oct 29 16:25:08 ip-172-31-130-108 docker/b598b857819a[860]: x-amz-date:20151029T162508Z
Oct 29 16:25:08 ip-172-31-130-108 docker/b598b857819a[860]: x-amz-security-token:XXXX
Oct 29 16:25:08 ip-172-31-130-108 docker/b598b857819a[860]:
Oct 29 16:25:08 ip-172-31-130-108 docker/b598b857819a[860]: host;x-amz-date;x-amz-security-token
Oct 29 16:25:08 ip-172-31-130-108 docker/b598b857819a[860]: b6f6d836e7b9471932096cbcfca4bb44b893de3618f22df82809c9a40c4008ee
Oct 29 16:25:08 ip-172-31-130-108 docker/b598b857819a[860]: DEBUG 2015-10-29 16:25:08,943 - StringToSign:
Oct 29 16:25:08 ip-172-31-130-108 docker/b598b857819a[860]: AWS4-HMAC-SHA256
Oct 29 16:25:08 ip-172-31-130-108 docker/b598b857819a[860]: 20151029T162508Z
Oct 29 16:25:08 ip-172-31-130-108 docker/b598b857819a[860]: 20151029/eu-west-1/ec2/aws4_request
Oct 29 16:25:08 ip-172-31-130-108 docker/b598b857819a[860]: a0c5b2694c20d39e0ffed1e96c15cd0fe0de6a16ef5b5374418d8a05a767db04
Oct 29 16:25:08 ip-172-31-130-108 docker/b598b857819a[860]: DEBUG 2015-10-29 16:25:08,943 - Signature:
Oct 29 16:25:08 ip-172-31-130-108 docker/b598b857819a[860]: e7f8e90000d37b9ecce6e7e333d6fa40f33a1639750e2effa4c45b266b74f9d3
Oct 29 16:25:08 ip-172-31-130-108 docker/b598b857819a[860]: DEBUG 2015-10-29 16:25:08,944 - Final headers: {'Host': 'ec2.eu-west-1.amazonaws.com', 'Authorization': 'AWS4-HMAC-SHA256 Credential=ASIAJIVWNYG3HG76GLVA/20151029/eu-west-1/ec2/aws4_request,SignedHeaders=host;x-amz-date;x-amz-security-token,Signature=e7f8e90000d37b9ecce6e7e333d6fa40f33a1639750e2effa4c45b266b74f9d3', 'X-Amz-Date': '20151029T162508Z', 'Content-Length': '97', 'Content-Type': 'application/x-www-form-urlencoded; charset=UTF-8', 'User-Agent': 'Boto/2.38.0 Python/3.4.3 Linux/3.13.0-48-generic', 'X-Amz-Security-Token': 
CyberDem0n
The etcd.py script is using DEBUG logging, this prints all the AWS requests including headers etc (and temporary signatures/keys).
Please fix (maybe you want to keep DEBUG logging for only the etcd module itself).