-
Notifications
You must be signed in to change notification settings - Fork 126
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Should use instance role permissions instead of access keys #21
Comments
+1 |
1 similar comment
+1 |
I see what you mean, but at the moment I'm running this script on 1 server outside AWS for many different customers, each customer has it's own config. Also the developement of the script has been put on hold for a while because we made a newer version with a GUI and also multiple schedules, rententions and authorizations. This is a product of Oblivion Cloud Control (http://oblcc.com) |
I agree - this would be a really good feature to have for security. |
Has anyone tried using assume-role and snapshoting multiple aws accounts using this method? I noticed the config.py mentions, "(alternatively can be set up as environment variables)", but how do I set it up as environment variables? I tried assume-role, parsing out the information then assigning to $aws_access_key and $aws_secret_key, but it ran the snapshot in the aws environment where the aws-snapshot-tool is installed. I have the trust setup between the two aws accounts. I want run across multiple aws accounts so I don't have to run a single instance in each aws account just for backups and it wouldn't be helpful to setup the aws-snapshot-tool on a different server in each environment. |
For me, the solution was to change the config to
and upgrade Boto to at least version 2.5.1 ( What will happen is that Boto will automatically find your IAM instance profile and use it for authentication. No credentials needed! |
it'd be great if we didn't need to provide access key's in the config, and instead utilise amazons ec2 instance profile - http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html
The text was updated successfully, but these errors were encountered: