connormanning / arbiter

Uniform access to the filesystem, HTTP, S3, GCS, Dropbox, etc.

Support AWS instance profiles

hobu opened this issue · comments

As described in PDAL/PDAL#1448

So the method for getting this information, if not using the SDKs, is to use curl to query the instance metadata to get the credentials.

  1. Get the IAM role available from the instance:
    curl http://169.254.169.254/latest/meta-data/iam/security-credentials/

  2. Get the credentials from the call to that role
    curl http://169.254.169.254/latest/meta-data/iam/security-credentials/<role_from_step1>

This returns JSON of the temp security credentials:

{
  "Code" : "Success",
  "LastUpdated" : "2016-12-18T16:04:09Z",
  "Type" : "AWS-HMAC",
  "AccessKeyId" : "<access_key_id>",
  "SecretAccessKey" : "<secret_access_key>",
  "Token" : "<token>",
  "Expiration" : "2016-12-18T22:38:19Z"
}

  3. Then use these credentials to access as outlined here (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html)

I think a new expiration date is generated every 15 min
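
A client consuming the step 2 response has to validate it and re-fetch before `Expiration` passes. The sketch below is an added example, not code from this issue or from arbiter; the `fetch` callable (whatever performs the two curl requests) and the 5-minute refresh margin are assumptions, and the sample document uses the placeholder values shown above.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample of the step-2 response (placeholder values, not real keys).
SAMPLE_RESPONSE = """{
  "Code" : "Success",
  "LastUpdated" : "2016-12-18T16:04:09Z",
  "Type" : "AWS-HMAC",
  "AccessKeyId" : "<access_key_id>",
  "SecretAccessKey" : "<secret_access_key>",
  "Token" : "<token>",
  "Expiration" : "2016-12-18T22:38:19Z"
}"""
REQUIRED = ("AccessKeyId", "SecretAccessKey", "Token", "Expiration")


def parse_credentials(body):
    """Validate the metadata response and return the fields a signer needs."""
    doc = json.loads(body)
    if doc.get("Code") != "Success":
        raise ValueError("metadata service returned Code=%r" % doc.get("Code"))
    missing = [k for k in REQUIRED if not doc.get(k)]
    if missing:
        raise ValueError("credential document missing: " + ", ".join(missing))
    expires = datetime.strptime(doc["Expiration"], "%Y-%m-%dT%H:%M:%SZ")
    return {
        "access": doc["AccessKeyId"],
        "secret": doc["SecretAccessKey"],
        "token": doc["Token"],  # temporary credentials are unusable without it
        "expires": expires.replace(tzinfo=timezone.utc),
    }


class InstanceProfileCredentials:
    """Caches credentials in memory and re-fetches shortly before they expire."""

    def __init__(self, fetch, margin=timedelta(minutes=5)):
        self._fetch = fetch    # hypothetical callable returning the JSON body
        self._margin = margin  # assumed safety margin before Expiration
        self._creds = None

    def get(self, now=None):
        now = now or datetime.now(timezone.utc)
        if self._creds is None or now >= self._creds["expires"] - self._margin:
            self._creds = parse_credentials(self._fetch())
        return self._creds
```

Keeping the parsed values only in memory and never writing them to logs or disk limits exposure to the credential lifetime reported in `Expiration`.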