Support credential_source for use with IAM roles #1916
Comments
|
@hlarsen |
|
@chrisradek any updates? This would be super-helpful resolving the referenced serverless deploy issues! |
|
Is there any effort going on towards this feature? I'd like to give it a try and would be more than happy for any hints and things to watch out for. I assume the |
|
if it helps, I, too am looking for this feature. Migrated my code from laptop to ec2, just to find this missing. Would REALLY be sad if I had to rewrite everything in Python. |
|
Hey @mi5guided Have you tried to use the ChainableTemporaryCredentials? I think you can use EC2MetadataCredentials as the master credentials here and specify the roleArn you'd like to assume. |
|
THANK YOU @AllanFly120 ! Awesome work-around, that I can use quickly. I guess I can stop trying to port the functionality from boto3 to aws-sdk-js (especially since 3.0 is in preview). Thanks, again! |
|
Has this issue been fixed or any efforts toward fixing it? |
|
@hojatbay every once in a while I have some time and look at it a little. Have something running locally, but nothing in the extend of a PR so far. |
|
I've personally lost days due to lack of this feature. |
|
This missing feature is really painful. Is there any progress update? |
|
Looks like this comment fixes the issue serverless/serverless#3833 (comment): |
|
after exporting |
|
Feedback on when we might expect this functionality? |
|
It's a bit concerning that AWS itself doesn't take this feature seriously. Having this feature work is a must for good security as all of the workarounds involve access to the access keys somewhere. Is it really that hard to implement this given that it's already part of the AWS CLI? |
|
Hello, also an issue for me, need to assume roles from the environment, any progress? |
|
Can you try the ChainableTemporaryCredentials as mentioned above by Allan as a workaround. |
|
I dont like the ChainableTemporaryCredentials solution because if have to specify the RoleARN then you have to hardcode the account id or have it in a mapping, since that's a part of the ARN |
Added support for using `credential_source` in the standard aws config file. This wasn't previously supported because the JavaScript SDK does [not](aws/aws-sdk-js#1916) support it. This PR bypasses the limitation. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
|
Hi everyone, Thank you for requesting this feature. The V2 SDK indeed does not support credential source. However, V3 SDK is providing this support now: this feature is supported in V3 SDK now: https://github.com/aws/aws-sdk-js-v3/tree/main/packages/credential-providers#profile-with-source-provider. So far we don't have plan to backport this feature to V2. |
|
As @AllanZhengYP mentioned this feature is a part of V3 now. I would close this issue now. |
It appears the js sdk doesn't support using credential_source to specify credentials from an EC2 instance role - this works with awscli and the ruby sdk. I'd love support for this, or a pointer to where I missed it if that's the case.
https://docs.aws.amazon.com/cli/latest/topic/config-vars.html#using-aws-iam-roles
The text was updated successfully, but these errors were encountered: