Support role assumption #19
Comments
|
Related: how about using the AWS metadata endpoint together with EC2 instance roles so that you don't have to configure AWS keys at all using the AWS SDK? That way one might just spin up a premade AMI, set an instance role for it with the necessary AWS permissions and everything would be ready to go. |
|
@vegardvaage we already use the default credential provider chain. So if you are running in an instance with instance-profile attached it will use that: http://docs.aws.amazon.com/sdk-for-java/v1/developer-guide/credentials.html |
|
There is a little bit of work to support this WIP https://github.com/ThreatResponse/aws_ir/tree/feature/session_handling For now I'm going to recommend that users simple use boto profiles and pass those as an optional arg OR set environment vars for AWS_DEFAULT_PROFILE |
Follow best practices for assumeRole following the Netflix model of having an:
aws_ir should be able to create these roles for assumption should they not exist given appropriate privilege for the initial examiner.
The text was updated successfully, but these errors were encountered: