I've made some changes to this module that will allow it to use EC2 instance profile credentials instead of a locally stored key/secret.

For some background: Amazon IAM allows you to assign security roles to server instances in EC2. If you attempt to authenticate with the SDK and omit the key/secret, but add the default cache config location, the SDK will check if the server is running on EC2, and if it has an IAM role assigned. If it does, then it will download temporary credentials into the default cache config location, which will allow it to authenticate using its role assigned from IAM.

This has a few benefits, probably the greatest of which is that it eliminates the need to store Amazon credentials in a more permanent way.

I will post my patch shortly. The changes are simple. It adds a config setting that tells the module to attempt to use the instance profile credentials, and if this option is set to true, it will omit the key and secret from the authentication request, and add the default cache config.

| Comment | File | Size | Author |
|---|---|---|---|
| #1 | use_instance_profile-2105225.patch | 1.68 KB | aviindub |
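
The toggle described in the post, sketched as an added example; this is not the attached patch or the module's own code. The function name, the settings keys and the SDK option names (`key`, `secret`, `default_cache_config`) are assumptions modeled on the post's wording, and the cache path is a placeholder.

```php
<?php
// Added example. All names here are hypothetical, not taken from the module or patch.

/**
 * Build the options array handed to the SDK client.
 *
 * @param array $settings Module settings (hypothetical keys).
 * @return array Options for the SDK client.
 * @throws InvalidArgumentException when no usable credential source is configured.
 */
function example_build_sdk_options(array $settings) {
  if (!empty($settings['use_instance_profile'])) {
    $cache = isset($settings['default_cache_config']) ? trim($settings['default_cache_config']) : '';
    if ($cache === '') {
      throw new InvalidArgumentException('Instance profile mode needs a cache config location.');
    }
    // Deliberately drop any stored key/secret: when the IAM role is meant to
    // be used, stale long-lived credentials must never reach the request.
    // The cache location will hold temporary credentials, so it should be
    // readable only by the account the web server runs as.
    return array('default_cache_config' => $cache);
  }

  $key = isset($settings['key']) ? trim($settings['key']) : '';
  $secret = isset($settings['secret']) ? trim($settings['secret']) : '';
  if ($key === '' || $secret === '') {
    // Fail closed: never hand the SDK a partial credential pair.
    throw new InvalidArgumentException('Static mode needs both key and secret.');
  }
  return array('key' => $key, 'secret' => $secret);
}

// Constructed sample settings; every value is a placeholder.
$role_based = array(
  'use_instance_profile' => TRUE,
  'default_cache_config' => '/path/to/private/cache',
  'key' => 'STALE_KEY_PLACEHOLDER',
  'secret' => 'STALE_SECRET_PLACEHOLDER',
);
$static = array(
  'use_instance_profile' => FALSE,
  'key' => 'KEY_PLACEHOLDER',
  'secret' => 'SECRET_PLACEHOLDER',
);

print_r(array_keys(example_build_sdk_options($role_based)));
print_r(array_keys(example_build_sdk_options($static)));
```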

Comments

aviindub

| Status | File | Size |
|---|---|---|
| new | | 1.68 KB |

patch.