You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When running AWS API commands from an EC2 instance you can use IAM Roles for the EC2 instance to avoid managing credentials - temporary access keys are issued to the instance via STS and will be passed to applications automatically.
Is there a way to get the R53 DNS Plugin to use this instead of passing in a role name or access key?
The underlying PowerShell commands (Get-R53HostedZoneList, etc.) will work in this type of environment without specifying any credentials, but it looks like currently setting a profile name or access key is mandatory.
The text was updated successfully, but these errors were encountered:
I didn’t even realize this was an option. But in retrospect, of course it is. The Azure plugin has an option for something very similar. And I’d guess I would implement this in the same fashion. Rather than making the existing credential parameters optional, there’d be a switch parameter you can use to basically say, “Use embedded auth.”
I can probably even make it work without the AwsPowershell module dependency eventually.
So yeah, thanks for the request! I can totally make this work.
There we go! You can now just specify R53UseIAMRole=$true in your plugin parameters to have it use the role associated with your instance. It even works without the AwsPowershell module being installed.
There are a couple additional things I'm trying to get into the next release. But until then, you can either grab the dev/master copy or just grab the updated plugin file.
When running AWS API commands from an EC2 instance you can use IAM Roles for the EC2 instance to avoid managing credentials - temporary access keys are issued to the instance via STS and will be passed to applications automatically.
Is there a way to get the R53 DNS Plugin to use this instead of passing in a role name or access key?
The underlying PowerShell commands (Get-R53HostedZoneList, etc.) will work in this type of environment without specifying any credentials, but it looks like currently setting a profile name or access key is mandatory.
The text was updated successfully, but these errors were encountered: