Support for IAM roles?
Bug #1316602 reported by
justinsb
This bug affects 4 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Canonical Juju |
Fix Released
|
High
|
Thomas Miller | ||
juju-core |
Won't Fix
|
Low
|
Unassigned |
Bug Description
Is there any way Juju could support IAM roles with the EC2 provider, rather than requiring the user to copy and paste their credentials?
I believe that the IAM credentials expire/rotate automatically, so we wouldn't be able to simply copy them to any launched instances, rather they would also have to be launched into an IAM role. I imagine the role would be specified in the configuration (or we could check for the existing of a well-known default role e.g. juju) This would still be much easier, IMHO, than pasting in the credentials.
Changed in juju-core: | |
status: | New → Triaged |
importance: | Undecided → Low |
tags: | added: ec2-provider feature |
Changed in juju-core: | |
status: | Triaged → Won't Fix |
Changed in juju: | |
status: | New → Triaged |
importance: | Undecided → High |
To post a comment you must log in.
You can certainly create an IAM account and use the credentials there. I've
done that for several people to enable them to use a shared account. But
each IAM account has its own EC2 secret key and access key.
You could argue that it would be nice to support EC2 username+password,
which could then lookup the associated secret key and access key.
I haven't seen anything about IAM credentials expiring automatically,
perhaps you can configure them to do so, but it isn't a required feature of
IAM.
On Tue, May 6, 2014 at 5:25 PM, justinsb <email address hidden> wrote:
> Public bug reported: /bugs.launchpad .net/bugs/ 1316602 /bugs.launchpad .net/juju- core/+bug/ 1316602/ +subscriptions
>
> Is there any way Juju could support IAM roles with the EC2 provider,
> rather than requiring the user to copy and paste their credentials?
>
> I believe that the IAM credentials expire/rotate automatically, so we
> wouldn't be able to simply copy them to any launched instances, rather
> they would also have to be launched into an IAM role. I imagine the
> role would be specified in the configuration (or we could check for the
> existing of a well-known default role e.g. juju) This would still be
> much easier, IMHO, than pasting in the credentials.
>
> ** Affects: juju-core
> Importance: Undecided
> Status: New
>
> --
> You received this bug notification because you are subscribed to juju-
> core.
> https:/
>
> Title:
> Support for IAM roles?
>
> To manage notifications about this bug go to:
> https:/
>