Provide an API for fetching IAM creds with read only access to the manifest bucket

[mikehale]

No description provided.

[dylanegan]

@mikehale what's the requirement for this? Just for viewing outside of the application/direct URLs?

[mikehale]

So I was thinking about the following scenario. I want to access the manifest directly on S3 without depending on the manifesto app. In the case where the manifest is private the client will need AWS access keys to access the urls. This API would allow minimal credentials to be provided to the client on an user by user basis that the client could then cache and use to fetch the manifest url directly from S3.

Perhaps something like this:

$ export MANIFESTO_URL="https://user:pass@app/api"                                                                                                                                                                                    
$ candidate manifest credentials -a app_name -m manifest > .user_creds                                                                                                                                                                     
$ source .user_creds
$ candidate manifest -a app_name -m manifest # prints current manifest to stdout

[dylanegan]

@mikehale that makes sense to me. I'm not 100% on private S3 URLs and what is actually required for accessing so I'll leave this mostly up to you.