-
Notifications
You must be signed in to change notification settings - Fork 9.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add support for Task Roles when running on ECS or CodeBuild #1425
Conversation
…ELATIVE_URI env var is defined
When is this going to be merged? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for the contribution.
Thinking out laud:
It would've been safer to have a test with mock of the ECS/IAM credentials endpoint and just append the provider at all times.
That would however require new skip_*
option in the provider block, so that folks running in some obscure environments sensitive on overall no of API calls can avoid it.
So to sum it up - it's probably not worth the effort until this method of auth is going to expand.
I did test this in a real ECS environment (slightly modified example, CoreOS latest stable, latest ECS agent) - it worked fine, so this LGTM. 👍
Add support for Task Roles when running on ECS or CodeBuild
Is this solving hashicorp/terraform#16278? I'm still facing the issue with TF 0.11.1 and AWS provider 1.6 - Error configuring the backend "s3": No valid credential sources found for AWS Provider. |
I can confirm this is now working in CodeBuild WITHOUT the pre_build phase I posted above. Terraform 0.11.7 and Terraform AWS provider 1.14.1. Brilliant work 👍 |
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks! |
This is a port of my original PR #14199 from the terraform repo, before the provider spin-off in 0.10+. It addresses #259.
Here's the comment from the original PR:
The benefit of this approach is that it falls back to the default AWS SDK to obtain ECS credentials. It may be valuable to always fall back to the default SDK unless specific terraform overrides are configured, rather than providing a custom credentials bootstrap or mimicking the SDK behavior, so that terraform is able to automatically take advantage of future updates to the SDK's credential-finding behavior.