Use EC2 role for auth?


Braden Pellett (GP SCD DIGI ENG)

Feb 4, 2020, 5:26:26 PM
to s3...@googlegroups.com
Hi,

Sorry if this is covered somewhere and I missed it, but if one is running s3ql on an EC2 instance, is there a way to use that EC2 instance's role for authentication?

Thanks,
Braden

Esteban Fonseca

Feb 4, 2020, 6:22:12 PM
to Braden Pellett (GP SCD DIGI ENG), s3...@googlegroups.com
Hi,

Yes, you create a user, then give the user access to S3 (in my case AmazonS3FullAccess), then on the user, go to Security Credentials, create a key, and with that key you can set up an auth file like this:

/etc/s3ql_authinfo
[s3]
storage-url: s3://
backend-login: [KEY_NAME]
backend-password: [KEY_PASSWORD]

which then you can use like this:

/usr/local/bin/mount.s3ql --authfile /etc/s3ql_authinfo s3://zone/bucket-name /mountpoint




Braden Pellett (GP SCD DIGI ENG)

Feb 4, 2020, 6:38:06 PM
to s3...@googlegroups.com
Hi,

Thank you, though, instead of using a user's key on an EC2 instance, I
was wondering if there is a way to use the EC2 instance role's
credentials, such as described here:

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html#instance-metadata-security-credentials

Thanks,
Braden

Daniel Jagszent

Feb 4, 2020, 8:03:16 PM
to s3...@googlegroups.com
Hi Braden,
> [...] I was wondering if there is a way to use the EC2 instance role's
> credentials, such as described here:
>
>   https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/iam-roles-for-amazon-ec2.html#instance-metadata-security-credentials

Not at the moment. But you can probably create a new backend relatively easily. Your new backend needs to be a sub-class of s3.Backend and probably only needs to overwrite
this method: https://github.com/s3ql/s3ql/blob/d5e85e633885af44545c9e230be3d09ae6073b12/src/s3ql/backends/s3.py#L233-L240
(if you can set X-aws-ec2-metadata-token-ttl-seconds to last longer than a day)
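Added example, not part of the thread and not s3ql code: the instance-role credential flow from the AWS page linked above, which a backend like the one Daniel describes would have to handle, since role credentials are temporary, come with a session token, and expire (the IMDSv2 token TTL itself is capped at 21600 seconds). The names RoleCredentials, imds_get, parse_credentials and sample_get are hypothetical, the sample document is constructed, and wiring the result into an s3.Backend sub-class is left out because the thread does not name the method to change.

```python
import json
import urllib.request
from datetime import datetime, timedelta, timezone
# Hypothetical helper names for illustration; none of this is s3ql's own code.
IMDS = "http://169.254.169.254/latest"  # link-local metadata endpoint
ROLE_PATH = "/meta-data/iam/security-credentials/"

def imds_get(path, token_ttl=21600, timeout=2):
    """IMDSv2: PUT for a session token, then GET the path with it."""
    req = urllib.request.Request(IMDS + "/api/token", method="PUT", headers={
        "X-aws-ec2-metadata-token-ttl-seconds": str(token_ttl)})
    token = urllib.request.urlopen(req, timeout=timeout).read().decode()
    req = urllib.request.Request(IMDS + path, headers={
        "X-aws-ec2-metadata-token": token})
    return urllib.request.urlopen(req, timeout=timeout).read().decode()

def parse_credentials(doc):
    """Validate the role credential document and return the signing inputs."""
    data = json.loads(doc)
    if data.get("Code") != "Success":
        raise ValueError("IMDS returned Code=%r" % data.get("Code"))
    expires = datetime.strptime(data["Expiration"], "%Y-%m-%dT%H:%M:%SZ")
    return {"login": data["AccessKeyId"], "password": data["SecretAccessKey"],
            "session_token": data["Token"],  # sent as x-amz-security-token
            "expires": expires.replace(tzinfo=timezone.utc)}

class RoleCredentials:
    """Caches role credentials and refetches shortly before they expire."""
    def __init__(self, get=imds_get, margin=timedelta(minutes=5)):
        self.get, self.margin, self.creds = get, margin, None

    def current(self, now=None):
        now = now or datetime.now(timezone.utc)
        if self.creds is None or now >= self.creds["expires"] - self.margin:
            role = self.get(ROLE_PATH).splitlines()[0]  # first attached role
            self.creds = parse_credentials(self.get(ROLE_PATH + role))
        return self.creds

# Constructed sample of the credential document (not real keys).
SAMPLE = json.dumps({"Code": "Success", "Type": "AWS-HMAC",
    "AccessKeyId": "ASIAEXAMPLEKEYID", "SecretAccessKey": "constructed-secret",
    "Token": "constructed-session-token", "Expiration": "2020-02-05T00:00:00Z"})

def sample_get(path):
    """Offline stand-in for imds_get, serving the constructed sample."""
    return "example-role\n" if path == ROLE_PATH else SAMPLE

if __name__ == "__main__":
    print(RoleCredentials(get=sample_get).current()["expires"])
```

On an instance, RoleCredentials() with the default imds_get talks to the real metadata service; the instance role's policy, rather than a long-lived user key in /etc/s3ql_authinfo, then decides what the mount can reach.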