Comments (4)
jasobrown
commented on September 27, 2024
Currently, there's nothing in the default implementation that allows you to use IAM. It's currently based off the credentials file. However, you can easily create an implementation of ICredential that fetches the accesskeyid/secretaccess key from the instance metadata (which is maintained via the IAM role that the instance launched with). It'd be even more awesome if you can submit a patch with that implementation, too!
from priam.
pcn
commented on September 27, 2024
I'm OK with using the credentials file. I do like the idea of using instance metadata, or using instance-based IAMs in the future, but at the moment I'm just looking to create an IAM whose credentials are:
- Less than access to everything the account has access to
- able to deal with the necessary S3 functions that Priam will use
- able to deal with the necessary SimpleDB operations that Priam will use
- able to deal with any other permissions Priam will use that I may not know of.
Thanks,
-Peter
from priam.
jasobrown
commented on September 27, 2024
Yeah, the instance metadata is much more flexible implementation than flat
files. Hence, that's what the concrete class for ICredential is pluggable;
we have a custom implementation at Netflix for our needs.
From what I gather about amazon IAMs, is that as long as the instance is
launched in a particular role, you can always get the current/updated keys
from the instance metadata URL, and that instance will have consistent
access to assigned resources as keys change/roll. Thus, I think if you have
an ICredential implementation that always uses the instance metadata
(whether or not you actually use IAM), you should be be good to go.
HTH,
-Jason
On Mon, Jun 25, 2012 at 11:19 AM, Peter N <
[email protected]
wrote:
I'm OK with using the credentials file. I do like the idea of using
instance metadata, or using instance-based IAMs in the future, but at the
moment I'm just looking to create an IAM whose credentials are:
- Less than access to everything the account has access to
- able to deal with the necessary S3 functions that Priam will use
- able to deal with the necessary SimpleDB operations that Priam will use
- able to deal with any other permissions Priam will use that I may not
know of.Thanks,
-Peter
Reply to this email directly or view it on GitHub:
#32 (comment)
from priam.
jasobrown
commented on September 27, 2024
Add the IAMCredential class a few weeks ago, that should fetch the IAM credentials via the amazon sdk jar. Hope that helps.
from priam.
Related Issues (20)
- Build Failed
- IAM Credentials Wiki Instructions No Longer Accurate HOT 2
- Sample Issue: Checking slack integration.
- Priam should order stop and start HOT 2
- why to Install Cassandra and web container (such as tomcat) on EC2 instances for netflix-Priam setup? HOT 1
- Architecture diagram of Priam with Cassandra HOT 1
- Priam is not checking the C* process health.
- .travis.yml: The 'sudo' tag is now deprecated in Travis CI
- Double-Checked Locking HOT 1
- Unreleased Resource: Streams HOT 1
- Please open a security advisory
- IDEA Sync fail
- There is a vulnerability in Quartz Enterprise Job Scheduler 2.3.0 ,upgrade recommended
- There is a vulnerability in Apache Commons Configuration 2.4 ,upgrade recommended
- There is a vulnerability in Cassandra 2.1.17 ,upgrade recommended
- There is a vulnerability in SnakeYAML 1.23,upgrade recommended
- There is a vulnerability in Guava: Google Core Libraries for Java 21.0 ,upgrade recommended
- There is a vulnerability in Apache HttpComponents Client(aka Apache HttpClient) 4.5.6 ,upgrade recommended HOT 1
- Document to setup the same with Scylladb, as there are muliple param changes
- Multiple warnings while buliding Priam HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from priam.