Add support for Task Roles when running on ECS or CodeBuild #1425

Merged
merged 2 commits into from
Sep 11, 2017

@jekh jekh commented Aug 15, 2017

This is a port of my original PR #14199 from the terraform repo, before the provider spin-off in 0.10+. It addresses #259.

Here's the comment from the original PR:

[This PR] adds the RemoteCredProvider from the AWS SDK if the AWS_CONTAINER_CREDENTIALS_RELATIVE_URI environment variable is set. The RemoteCredProvider uses the value of that environment variable and appends it to the hard-coded URL http://169.254.170.2, and uses the resulting URL to obtain Task Role credentials.

The benefit of this approach is that it falls back to the default AWS SDK to obtain ECS credentials. It may be valuable to always fall back to the default SDK unless specific terraform overrides are configured, rather than providing a custom credentials bootstrap or mimicking the SDK behavior, so that terraform is able to automatically take advantage of future updates to the SDK's credential-finding behavior.
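The lookup described in the PR description above, as an added Go example that is not code from this PR or from the AWS SDK. It uses only the standard library; the leading-slash check, the `/creds/constructed-id` path and the credential values are constructed for illustration, and the local mock stands in for `http://169.254.170.2`.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// taskCreds holds the fields read from the credentials document.
type taskCreds struct{ AccessKeyId, SecretAccessKey, Token string }

// containerCreds returns ok=false when the variable is unset, so the caller
// leaves this provider out of its chain. Real host: http://169.254.170.2.
func containerCreds(c *http.Client, host string, getenv func(string) string) (tc taskCreds, ok bool, err error) {
	rel := getenv("AWS_CONTAINER_CREDENTIALS_RELATIVE_URI")
	if rel == "" {
		return tc, false, nil
	}
	// Check added by this example: accept only an absolute path, so the value
	// selects a path on the fixed host and nothing else.
	if rel[0] != '/' {
		return tc, true, fmt.Errorf("relative URI %q must start with /", rel)
	}
	resp, err := c.Get(host + rel)
	if err != nil {
		return tc, true, err
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return tc, true, fmt.Errorf("credentials endpoint: %s", resp.Status)
	}
	err = json.NewDecoder(resp.Body).Decode(&tc)
	return tc, true, err
}

// demo queries a local mock that serves a constructed document at one path.
func demo(rel string) (keyID string, ok bool, err error) {
	mux := http.NewServeMux()
	mux.HandleFunc("/creds/constructed-id", func(w http.ResponseWriter, _ *http.Request) {
		fmt.Fprint(w, `{"AccessKeyId":"AKIDEXAMPLE","SecretAccessKey":"constructed","Token":"constructed"}`)
	})
	srv := httptest.NewServer(mux)
	defer srv.Close()
	tc, ok, err := containerCreds(srv.Client(), srv.URL, func(string) string { return rel })
	return tc.AccessKeyId, ok, err
}

func main() { fmt.Println(demo("/creds/constructed-id")) }
```

Passing `getenv` and `host` as parameters is what lets the lookup be exercised against a mock instead of a live ECS or CodeBuild environment.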

@kshcherban

When is this going to be merged?

@Ninir Ninir requested a review from catsby September 7, 2017 20:40
@radeksimko radeksimko requested review from radeksimko and removed request for catsby September 8, 2017 14:59

@radeksimko radeksimko left a comment

Thanks for the contribution.

Thinking out loud:

It would've been safer to have a test with a mock of the ECS/IAM credentials endpoint and just append the provider at all times.

That would however require a new skip_* option in the provider block, so that folks running in some obscure environments sensitive to the overall number of API calls can avoid it.

So to sum it up - it's probably not worth the effort until this method of auth is going to expand.

I did test this in a real ECS environment (slightly modified example, CoreOS latest stable, latest ECS agent) - it worked fine, so this LGTM. 👍

@radeksimko radeksimko merged commit e395965 into hashicorp:master Sep 11, 2017
@radeksimko radeksimko added the enhancement Requests to existing resources that expand the functionality or scope. label Sep 11, 2017
nbaztec pushed a commit to nbaztec/terraform-provider-aws that referenced this pull request Sep 26, 2017
Add support for Task Roles when running on ECS or CodeBuild
@jekh jekh deleted the support-ecs-task-roles branch October 16, 2017 04:50
@jch254

jch254 commented Jan 5, 2018

Is this solving hashicorp/terraform#16278? I'm still facing the issue with TF 0.11.1 and AWS provider 1.6 - Error configuring the backend "s3": No valid credential sources found for AWS Provider.

@jch254

jch254 commented Apr 18, 2018

I can confirm this is now working in CodeBuild WITHOUT the pre_build phase I posted above. Terraform 0.11.7 and Terraform AWS provider 1.14.1. Brilliant work 👍

@ghost

ghost commented Apr 6, 2020

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!

@ghost ghost locked and limited conversation to collaborators Apr 6, 2020