-
-
Notifications
You must be signed in to change notification settings - Fork 3.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Extract AWS Account ID from IAM access key ids (again) #8138
Conversation
3aa30ae
to
adfe847
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
f4b05b5
to
7384da3
Compare
12988fb
to
67e98d0
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM. Awesome we can now revert the revert 👍
Why are 5 files changed to revert a change to 2 files? 😄 It looks like this adds a new config PARITY_AWS_ACCESS_KEY_ID Is it possible now to force localstack to use the 0's default id in all cases and not complain about receiving a real "production" id? It looks like PARITY_AWS_ACCESS_KEY_ID provides a way to use the real id and not complain about it... Where are these different options documented? |
@joebowbeer: Thanks for highlighting the missing docs, it is being added with localstack/docs#613 |
Reintroduces changes made with #7045
Motivation
We still need to properly extract the account id from the IAM access key id, and its already encoded properly in there.
On the first try, we encountered issues with users having real AWS credentials in their environment, which led to several problems, as suddenly they were using multi account.
Changes
L
instead of anA
. So, for account000000000000
a user access key would beLKIAQAAAAAAALILNVHFS
instead ofAKIAQAAAAAAALILNVHFS
. This allows us to distinguish AWS credentials from LocalStack credentials, while leaving the rest of the access key id format identical.This depends on getmoto/moto#6210 for a bugfix affecting the tests.