
Agent plugin: NodeAttestor "aws_iid"

Must be used in conjunction with the server-side aws_iid plugin.

The aws_iid plugin automatically attests instances using the AWS Instance Metadata API and the AWS Instance Identity document. It also allows an operator to use AWS Instance IDs when defining SPIFFE ID attestation policies.

| Configuration | Description | Default |
| --- | --- | --- |
| identity_document_url | URL pointing to the AWS Instance Identity Document. | http://169.254.169.254/latest/dynamic/instance-identity/document |
| identity_signature_url | URL pointing to the AWS Instance Identity Signature. | http://169.254.169.254/latest/dynamic/instance-identity/signature |

A sample configuration:

    NodeAttestor "aws_iid" {
        plugin_data {
            identity_document_url = "http://169.254.169.254/latest/dynamic/instance-identity/document"
            identity_signature_url = "http://169.254.169.254/latest/dynamic/instance-identity/signature"
        }
    }
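
A preflight check for the two URLs configured above, as an added example that is not part of SPIRE: it fetches the document and the signature and reports anything that would leave the agent without usable attestation data. The required field list, the plain-GET fetch and the sample responses are assumptions made for this example.

```python
import base64
import json
import urllib.request

# Defaults from the configuration table above.
DOC_URL = "http://169.254.169.254/latest/dynamic/instance-identity/document"
SIG_URL = "http://169.254.169.254/latest/dynamic/instance-identity/signature"

# Assumption: these identity-document fields must be present and non-empty.
REQUIRED_FIELDS = ("instanceId", "accountId", "region")

# Constructed sample responses so the check also runs off-instance.
SAMPLE = {
    DOC_URL: b'{"instanceId": "i-0123456789abcdef0", '
             b'"accountId": "123456789012", "region": "us-east-1"}',
    SIG_URL: base64.encodebytes(b"constructed-signature-bytes" * 4),
}


def http_get(url, timeout=2):
    """Plain GET; assumes the endpoint answers without a session token."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.read()


def preflight(document_url=DOC_URL, signature_url=SIG_URL, fetch=http_get):
    """Return (identity, problems) for the two configured endpoints."""
    identity, problems = {}, []
    try:
        doc = json.loads(fetch(document_url))
        if not isinstance(doc, dict):
            raise ValueError("not a JSON object")
        identity = {f: doc.get(f) for f in REQUIRED_FIELDS}
        missing = [f for f, v in identity.items() if not v]
        if missing:
            problems.append("document: missing " + ", ".join(missing))
    except (OSError, ValueError) as exc:
        problems.append(f"document: {exc}")
    try:
        # The signature is base64 wrapped over several lines; unwrap first.
        sig = b"".join(fetch(signature_url).split())
        if not base64.b64decode(sig, validate=True):
            raise ValueError("empty signature")
    except (OSError, ValueError) as exc:
        problems.append(f"signature: {exc}")
    return identity, problems


if __name__ == "__main__":
    print(preflight(fetch=SAMPLE.__getitem__))
```

On an instance, calling `preflight()` with no arguments queries the default URLs; an empty problem list means both endpoints returned well-formed data, not that the signature has been verified.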