envato / ami-spec

Acceptance testing your AMIs

Assume Role is not supported

jerger opened this issue · comments

As I understand your docs, the only way to test specs is to provide Amazon's key & key secret.
Does this mean Amazon's assume role feature is not supported yet?

BR, jerger

Assume role is definitely supported and working!

Definitely works.

@jerger how would you run tests against an instance using secret key? This ssh's into it using the --key-name and --key-file params.

I don't see any references to secret keys

Sorry, I don't know where my brain was at, instance profiles are supported. Assuming a role is best done before you call ami-spec like so:

aws sts assume-role --role-arn ...
ami-spec ...
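
On its own, `aws sts assume-role` only prints temporary credentials and leaves the calling shell's environment unchanged. The following is an added example (not from this thread or the ami-spec project) of handing them to the next command. It assumes ami-spec reads credentials from the standard AWS environment variables; the session name `ami-spec-test` and the function names are illustrative.

```shell
#!/bin/sh
# Added example, not ami-spec code. POSIX sh.

# Split the tab-separated line printed by
#   aws sts assume-role ... --output text \
#     --query 'Credentials.[AccessKeyId,SecretAccessKey,SessionToken]'
# and export it as the environment variables the AWS SDKs read.
load_role_credentials() {
  _tab=$(printf '\t')
  IFS=$_tab read -r _key _secret _token _extra <<EOF
$1
EOF
  # Fail closed on a short or null ("None") result instead of silently
  # falling back to whatever credentials are already configured.
  for _v in "$_key" "$_secret" "$_token"; do
    if [ -z "$_v" ] || [ "$_v" = "None" ]; then
      echo "assume-role returned incomplete credentials" >&2
      return 1
    fi
  done
  if [ -n "$_extra" ]; then
    echo "assume-role returned unexpected extra fields" >&2
    return 1
  fi
  export AWS_ACCESS_KEY_ID="$_key"
  export AWS_SECRET_ACCESS_KEY="$_secret"
  export AWS_SESSION_TOKEN="$_token"
}

# run_with_role ROLE_ARN COMMAND [ARGS...]
# Runs COMMAND with the role's temporary credentials. The subshell keeps
# them out of the calling shell, so they are gone once COMMAND exits.
run_with_role() {
  _role_arn=$1
  shift
  (
    _creds=$(aws sts assume-role \
      --role-arn "$_role_arn" \
      --role-session-name ami-spec-test \
      --query 'Credentials.[AccessKeyId,SecretAccessKey,SessionToken]' \
      --output text) || exit 1
    load_role_credentials "$_creds" || exit 1
    exec "$@"
  )
}

# Usage (placeholder role ARN; ami-spec arguments elided as in the thread):
#   run_with_role "arn:aws:iam::<account-id>:role/<role-name>" ami-spec ...
```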

Okay. So let me rephrase my question:
1.) assume-role will work for creating a test-instance from ami?
2.) the parameters --key-name and --key-file have to point to a key residing in aws?
3.) the --ssh-user @ test-instance will get the --key-file injected - so server-spec tests can be executed with the given ssh-credentials?

My ami already contains the needed credentials - so steps 2. - 3. are not necessary for me ...

Hi Jerger,

1.) assume-role will work for creating a test-instance from ami?

Yes, as listed above

2.) the parameters --key-name and --key-file have to point to a key residing in aws?

Key name refers to an existing AWS SSH key; the key-file just needs to point to any private key that the instance will allow you to log in with.

3.) the --ssh-user @ test-instance will get the --key-file injected - so server-spec tests can be executed

AWS injects the key-name at bootup; the key-file and ssh-user don't have to map to the key-name, they could be different keys.

You could always just set --key-name to an existing key, but then ignore it and point --key-file at your existing SSH key. Unfortunately at the moment --key-name is a required parameter, although that's not strictly necessary as you can launch instances with no SSH key injected at boot.

Great - thanx for clarifying :)