IAM role / authentication for Amazon ECS


Jason Axley

Jul 26, 2016, 6:01:01 PM
to Vault
Amazon recently rolled out ECS Task-level IAM role support (http://docs.aws.amazon.com/AmazonECS/latest/developerguide/task-iam-roles.html), which provides finer-grained policy application than just at the EC2 docker host level. Wonder if there are already plans to enhance the AWS EC2 auth backend (https://www.vaultproject.io/docs/auth/aws-ec2.html) to support these or if it's known to work already?

-Jason

Jeff Mitchell

Jul 26, 2016, 6:35:06 PM
to vault...@googlegroups.com
Hi Jason,

We're aware of the new support, but it still doesn't provide enough
information for external services to verify identity. We did get a
reach-out from the team and did put in an ask; you can see the issue
tracking the necessary support at
https://github.com/aws/amazon-ecs-agent/issues/451 and the issue
comment linked from the first post there.

From a customer perspective, putting pressure on your AWS contact to
resolve that issue is the best thing you can do to help shepherd the
necessary bits for support :-)

Best,
Jeff