Should use instance role permissions instead of access keys #21
Comments
|
+1 |
1 similar comment
|
+1 |
|
I see what you mean, but at the moment I'm running this script on 1 server outside AWS for many different customers, each customer has it's own config. Also the developement of the script has been put on hold for a while because we made a newer version with a GUI and also multiple schedules, rententions and authorizations. This is a product of Oblivion Cloud Control (http://oblcc.com) |
|
I agree - this would be a really good feature to have for security. |
|
Has anyone tried using assume-role and snapshoting multiple aws accounts using this method? I noticed the config.py mentions, "(alternatively can be set up as environment variables)", but how do I set it up as environment variables? I tried assume-role, parsing out the information then assigning to $aws_access_key and $aws_secret_key, but it ran the snapshot in the aws environment where the aws-snapshot-tool is installed. I have the trust setup between the two aws accounts. I want run across multiple aws accounts so I don't have to run a single instance in each aws account just for backups and it wouldn't be helpful to setup the aws-snapshot-tool on a different server in each environment. |
|
For me, the solution was to change the config to and upgrade Boto to at least version 2.5.1 ( What will happen is that Boto will automatically find your IAM instance profile and use it for authentication. No credentials needed! |
it'd be great if we didn't need to provide access key's in the config, and instead utilise amazons ec2 instance profile - http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html
The text was updated successfully, but these errors were encountered: