Feature #15599

Updated by Tom Clegg over 2 years ago

AWS best practice for services running on EC2 is to use IAM roles for authentication. The AWS go sdk supports this natively, cf. https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html

It would be nice if Keepstore supported IAM roles, perhaps falling back to that authentication method when SecretKeyFile and AccessKeyFile are not supplied in the configuration file. Maybe using the metadata to detect that it's running on EC2 first so we don't provide confusing information when no credentials are present and Keepstore is running elsewhere.

Getting credentials from instance metadata: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html#instance-metadata-security-credentials