Ec2 Instance ID uniqueness -- identity-whitelist
376 views
Skip to first unread message
kamalakar vadla
Apr 26, 2017, 5:35:18 PM4/26/17
to Vault
- If AWS ec2 instance-id is not unique across multiple accounts ? then how can "identity-whitelist" will help me to restrict "disallow-reauthentication"? ( that means my requirement is not to allow an instance id to give more than one token)
- How frequently AWS ec2 instance-id is reused ? i mean assume that an ec2 instance instance id is "i-abcd", got authenticated with aws-ec2 auth backend and got the token and then I have teardown that instance, now when i provision an ec2 instance, if it gets instance id as i-abcd then how can we solve this without clearing "identity-whitelist" ?
Regards
KV
Jason Martin
Apr 26, 2017, 5:43:27 PM4/26/17
to vault...@googlegroups.com
Instance id is globally unique, see
https://forums.aws.amazon.com/message.jspa?messageID=319825.
-Jason Martin
On Wed, Apr 26, 2017 at 02:35:18PM -0700, kamalakar vadla wrote:
>
>
> - If AWS ec2 instance-id is not unique across multiple accounts ? then
> This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.
>
> GitHub Issues: https://github.com/hashicorp/vault/issues
> IRC: #vault-tool on Freenode
> ---
> You received this message because you are subscribed to the Google Groups "Vault" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to vault-tool+...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/vault-tool/e506ed01-d39d-41c3-abe0-a305c48ff403%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
https://forums.aws.amazon.com/message.jspa?messageID=319825.
-Jason Martin
On Wed, Apr 26, 2017 at 02:35:18PM -0700, kamalakar vadla wrote:
>
>
> - If AWS ec2 instance-id is not unique across multiple accounts ? then
> how can "identity-whitelist" will help me to restrict
> "disallow-reauthentication"? ( that means my requirement is not to allow an
> instance id to give more than one token)
> - How frequently AWS ec2 instance-id is reused ? i mean assume that an
> "disallow-reauthentication"? ( that means my requirement is not to allow an
> instance id to give more than one token)
> ec2 instance instance id is "i-abcd", got authenticated with aws-ec2 auth
> backend and got the token and then I have teardown that instance, now when
> i provision an ec2 instance, if it gets instance id as i-abcd then how can
> we solve this without clearing "identity-whitelist" ?
>
>
> Regards
> KV
>
> --
> backend and got the token and then I have teardown that instance, now when
> i provision an ec2 instance, if it gets instance id as i-abcd then how can
> we solve this without clearing "identity-whitelist" ?
>
>
> Regards
> KV
>
> This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.
>
> GitHub Issues: https://github.com/hashicorp/vault/issues
> IRC: #vault-tool on Freenode
> ---
> You received this message because you are subscribed to the Google Groups "Vault" group.
> To unsubscribe from this group and stop receiving emails from it, send an email to vault-tool+...@googlegroups.com.
> To view this discussion on the web visit https://groups.google.com/d/msgid/vault-tool/e506ed01-d39d-41c3-abe0-a305c48ff403%40googlegroups.com.
> For more options, visit https://groups.google.com/d/optout.
Reply all
Reply to author
Forward
0 new messages