Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: configure ExAws without env vars #1940

Closed
wants to merge 4 commits into from
Closed

feat: configure ExAws without env vars #1940

wants to merge 4 commits into from

Conversation

thecristen
Copy link
Collaborator

In the interest of best security practice, we can remove reliance on hardcoded AWS_ACCESS_KEY_ID and
AWS_SECRET_ACCESS_KEY environment variables by configuring the ExAws dependency in this particular way! I also did some light updating to associated docs, which includes using AWS CLI.

Can the current devs confirm (via approval or comment on this PR) that this setup works on their machines? @kotva006 @anthonyshull @amaisano

@thecristen thecristen requested a review from a team as a code owner March 22, 2024 01:39
@anthonyshull
Copy link
Contributor

anthonyshull commented Mar 22, 2024
edited
Loading

My concern is that this won't work running locally in Docker. My preference would be to create a mock of ExAws and use that locally. Then we could get rid of this configuration altogether.

kotva006
kotva006 approved these changes Mar 25, 2024
View reviewed changes
Copy link
Contributor

@kotva006 kotva006 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Works pretty slick

@thecristen thecristen mentioned this pull request Mar 26, 2024
Merged
anthonyshull
anthonyshull requested changes Mar 26, 2024
View reviewed changes
config/deps/deps.exs Outdated
Comment on lines 4 to 5
access_key_id: [{:awscli, "default", 30000}],
secret_access_key: [{:awscli, "default", 30000}]
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This assumes that the configuration being used is the default configuration. This won't work for people for whom these credentials are under another configuration name.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good call, I'll switch it to using the system's via (from ExAws):

Alternatively, if you already have a profile name set in the AWS_PROFILE environment variable, you can use that with {:awscli, :system, timeout}

@anthonyshull
Copy link
Contributor

@thecristen pretty sure we don't need this now that we have this working both locally and in docker compose

@thecristen
Copy link
Collaborator Author

Covered elsewhere.

@thecristen thecristen closed this Mar 28, 2024
@thecristen thecristen deleted the cbj/ex-aws-credentials-config branch March 28, 2024 19:35
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kotva006 kotva006 kotva006 approved these changes

@anthonyshull anthonyshull Awaiting requested review from anthonyshull

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
3 participants
@thecristen @anthonyshull @kotva006