Skip Menu |
 

This queue is for tickets about the Net-Amazon-EC2 CPAN distribution.

Report information
The Basics
Id: 81664
Status: resolved
Priority: 0/
Queue: Net-Amazon-EC2

People
Owner: Nobody in particular
Requestors: lenny-bitcard [...] efkc.com
Cc:
AdminCc:

Bug Information
Severity: Wishlist
Broken in: 0.22
Fixed in: 0.24



Subject: Feature Request: IAM Roles
Greetings- Earlier this year, AWS introduced IAM Roles, a feature that allows users to assign temporary, automatically-rotating AWS credentials to an EC2 instance, for use in making API requests. The keys are made available by AWS on the EC2 metadata service. This greatly simplifies the process of distributing AWS keys to EC2 instances in a secure fashion. I think it would be very useful to folks if Net::Amazon::EC2 supported retrieving the AWS credentials via IAM Roles, so hopefully you could look into supporting it. I'd implement it myself, but my perl is a little rusty at this point. Here is the relevant documentation: How to use IAM Roles: http://docs.amazonwebservices.com/AWSEC2/latest/UserGuide/UsingIAM.html#UsingIAMrolesWithAmazonEC2Instances How to make API calls with Temporary credentials (such as those obtained from an IAM Role): http://docs.amazonwebservices.com/AWSEC2/latest/UserGuide/UsingIAM.html# UsingTemporarySecurityCredentials_EC2 Information on how to set up roles: http://docs.amazonwebservices.com/IAM/latest/UserGuide/WorkingWithRoles. html Thanks! -Lenny
Download (untitled) / with headers
text/plain 1.2k
On Mon Dec 03 10:08:32 2012, lenny-bitcard@efkc.com wrote: Show quoted text
> Greetings- > > Earlier this year, AWS introduced IAM Roles, a feature that allows > users > to assign temporary, automatically-rotating AWS credentials to an EC2 > instance, for use in making API requests. The keys are made available > by > AWS on the EC2 metadata service. This greatly simplifies the process > of > distributing AWS keys to EC2 instances in a secure fashion. > > I think it would be very useful to folks if Net::Amazon::EC2 supported > retrieving the AWS credentials via IAM Roles, so hopefully you could > look into supporting it. I'd implement it myself, but my perl is a > little rusty at this point. Here is the relevant documentation: > > How to use IAM Roles: >
http://docs.amazonwebservices.com/AWSEC2/latest/UserGuide/UsingIAM.html#UsingIAMroles WithAmazonEC2Instances Show quoted text
> > How to make API calls with Temporary credentials (such as those > obtained > from an IAM Role): > http://docs.amazonwebservices.com/AWSEC2/latest/UserGuide/UsingIAM.html# > UsingTemporarySecurityCredentials_EC2 > > Information on how to set up roles: > http://docs.amazonwebservices.com/IAM/latest/UserGuide/WorkingWithRoles. > html > > Thanks! > -Lenny
Thanks for the suggestion. I'll take a look at it.
Subject: [rt.cpan.org #81664]
Date: Mon, 23 Sep 2013 14:50:47 +0200
To: bug-Net-Amazon-EC2 [...] rt.cpan.org
From: Diego Fernández Durán <diego [...] goedi.net>
Download (untitled) / with headers
text/plain 1.4k
Hello, I've done a modification to your code to use IAM roles. Mabe you find it useful. This is the patch: --- EC2.pm.orig 2013-09-23 12:11:37.447616567 +0200 +++ EC2.pm 2013-09-23 14:39:32.650621019 +0200 @@ -144,6 +144,7 @@ has 'AWSAccessKeyId' => ( is => 'ro', isa => 'Str', required => 1 ); has 'SecretAccessKey' => ( is => 'ro', isa => 'Str', required => 1 ); +has 'SecurityToken' => ( is => 'ro', isa => 'Str', required => 0 ); has 'debug' => ( is => 'ro', isa => 'Str', required => 0, default => 0 ); has 'signature_version' => ( is => 'ro', isa => 'Int', required => 1, default => 1 ); has 'version' => ( is => 'ro', isa => 'Str', required => 1, default => '2009-11-30' ); @@ -176,6 +177,7 @@ my $action = delete $args{Action}; my %sign_hash = %args; $sign_hash{AWSAccessKeyId} = $self->AWSAccessKeyId; + $sign_hash{SecurityToken} = $self->SecurityToken; $sign_hash{Action} = $action; $sign_hash{Timestamp} = $self->timestamp; $sign_hash{Version} = $self->version; @@ -198,6 +200,9 @@ Timestamp => $self->timestamp, Version => $self->version, Signature => $encoded, + (defined $self->SecurityToken) + ? (SecurityToken => $self->SecurityToken) + : (), %args ); Best regards. Diego.
Subject: [rt.cpan.org #81664]
Date: Wed, 25 Sep 2013 10:20:08 +0200
To: bug-Net-Amazon-EC2 [...] rt.cpan.org
From: Diego Fernández Durán <diego [...] goedi.net>
Download (untitled) / with headers
text/plain 1.5k
Hi again, This patch is a little better. --- EC2.pm.orig 2013-09-23 12:11:37.447616567 +0200 +++ EC2.pm 2013-09-25 09:57:59.407458600 +0200 @@ -144,6 +144,7 @@ has 'AWSAccessKeyId' => ( is => 'ro', isa => 'Str', required => 1 ); has 'SecretAccessKey' => ( is => 'ro', isa => 'Str', required => 1 ); +has 'SecurityToken' => ( is => 'ro', isa => 'Str', required => 0 ); has 'debug' => ( is => 'ro', isa => 'Str', required => 0, default => 0 ); has 'signature_version' => ( is => 'ro', isa => 'Int', required => 1, default => 1 ); has 'version' => ( is => 'ro', isa => 'Str', required => 1, default => '2009-11-30' ); @@ -176,6 +177,9 @@ my $action = delete $args{Action}; my %sign_hash = %args; $sign_hash{AWSAccessKeyId} = $self->AWSAccessKeyId; + if (defined $self->SecurityToken) { + $sign_hash{SecurityToken} = $self->SecurityToken; + } $sign_hash{Action} = $action; $sign_hash{Timestamp} = $self->timestamp; $sign_hash{Version} = $self->version; @@ -198,6 +202,9 @@ Timestamp => $self->timestamp, Version => $self->version, Signature => $encoded, + (defined $self->SecurityToken) + ? (SecurityToken => $self->SecurityToken) + : (), %args ); Diego.
Download (untitled) / with headers
text/plain 460b
On Mon Dec 03 10:08:32 2012, lenny-bitcard@efkc.com wrote: Show quoted text
> Earlier this year, AWS introduced IAM Roles, a feature that allows > users > to assign temporary, automatically-rotating AWS credentials to an EC2 > instance, for use in making API requests. The keys are made available > by > AWS on the EC2 metadata service. This greatly simplifies the process > of > distributing AWS keys to EC2 instances in a secure fashion.
This was implemented in release 0.24


This service is sponsored and maintained by Best Practical Solutions and runs on Perl.org infrastructure.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.