Project

General

Profile

Feature #15599

Updated by Tom Clegg over 4 years ago

 
 AWS best practice for services running on EC2 is to use IAM roles for authentication. The AWS go sdk supports this natively, cf. https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html 

 It would be nice if Keepstore supported IAM roles, perhaps falling back to that authentication method when SecretKeyFile and AccessKeyFile are not supplied in the configuration file. Maybe using the metadata to detect that it's running on EC2 first so we don't provide confusing information when no credentials are present and Keepstore is running elsewhere. 

 Getting credentials from instance metadata: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html#instance-metadata-security-credentials

Back