Support AWS instance profiles
hobu opened this issue · comments
Howard Butler commented
As described in PDAL/PDAL#1448
Michael D. Smith commented
So the method for getting this information, if not using the SDKs, is to use curl to query the instance metadata to get the credentials
-
Get the IAM role available from the instance:
curl http://169.254.169.254/latest/meta-data/iam/security-credentials/
-
Get the credentials from the call to that role
curl http://169.254.169.254/latest/meta-data/iam/security-credentials/<role_from_step1>
This returns JSON of the temp security credentials:
{
"Code" : "Success",
"LastUpdated" : "2016-12-18T16:04:09Z",
"Type" : "AWS-HMAC",
"AccessKeyId" : "<access_key_id>",
"SecretAccessKey" : "<secret_access_key>",
"Token" : "<token>",
"Expiration" : "2016-12-18T22:38:19Z"
}
- Then use these credentials to access as outlined here (http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp_use-resources.html)
I think a new expiration date in generated every 15 min