Skip to content
This repository has been archived by the owner on Jan 9, 2023. It is now read-only.

Use assume-role via .aws/config #277

Open
charlieegan3 opened this issue Jun 4, 2018 · 1 comment
Open

Use assume-role via .aws/config #277

charlieegan3 opened this issue Jun 4, 2018 · 1 comment
Labels
kind/feature Categorizes issue or PR as related to a new feature.

Comments

@charlieegan3
Copy link
Contributor

Is this a BUG REPORT or FEATURE REQUEST?:
/kind feature

What happened:
When running tarmak as part of a jenkins pipeline I found that I was unable to use assume role config options in my ~/.aws/config file to grant tarmak the correct permissions.

For reference I was using variations on config that looked like this, where PROFILE is the name referenced by the tarmak.yaml

[profile PROFILE]
role_arn = ARN
role_session_name = name
credential_source = Ec2InstanceMetadata

What you expected to happen:
After finding that this worked with the aws cli commands, I expected tarmak and terraform to work too.

Anything else we need to know?:
This is caused by a shortcoming in the aws go sdk aws/aws-sdk-go#1019 (comment)
If you're unfamiliar with the aws assumerole config options, this might be helpful: https://docs.aws.amazon.com/cli/latest/topic/config-vars.html#using-aws-iam-roles

At the time of writing, the go sdk only supports a profile with credentials referenced with source profile: https://docs.aws.amazon.com/sdk-for-go/api/aws/session/

@jetstack-bot jetstack-bot added the kind/feature Categorizes issue or PR as related to a new feature. label Jun 4, 2018
@q3aiml
Copy link

q3aiml commented Jan 15, 2019

This is now supported by the aws sdk with aws/aws-sdk-go#2201 (thanks to aws/aws-sdk-go#1019 (comment) for the heads up)

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
kind/feature Categorizes issue or PR as related to a new feature.
Projects
None yet
Development

No branches or pull requests

3 participants