99designs / aws-vault

A vault for securely storing and accessing AWS credentials in development environments

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

ECS Server URI needs to include the `get-credentials` path to support AWS SDK Libraries

jedschneider opened this issue · comments

  • I am using the latest release of AWS Vault
  • I have provided my .aws/config (redacted if necessary)
  • I have provided the debug output using aws-vault --debug (redacted if necessary)

Problem

When using the Ruby SDK, the ECS credential server is not being picked up by default, even though the AWS_CONTAINER_CREDENTIALS_FULL_URI is supported by the Ruby SDK (see the :endpoint option).

The ECS credentials are picked up if we override the existing env var:

% export AWS_CONTAINER_CREDENTIALS_FULL_URI=http://127.0.0.1:<port>/get-credentials
% irb
irb(main):001:0> require 'aws-sdk-core'
=> true
irb(main):002:0> client = Aws::STS::Client.new
=> #<Aws::STS::Client>
irb(main):003:0> client.get_caller_identity
=>
#<struct Aws::STS::Types::GetCallerIdentityResponse <redacted>>

AWS Vault Version

7.2.0-Homebrew