
Comments (6)

dfuentes commented on July 28, 2024

You have several options depending on your deployment scenario. I would avoid explicitly passing in credentials if possible, and instead rely on credentials provided by the EC2 metadata service (which will automatically generate new security tokens as necessary). How you do this will depend on how you are deploying your application:

For plain EC2 instances, there are EC2 Instance Roles.

If you are on ECS, there is a similar concept with Task Roles. When you attach an IAM role to your ECS task, it works similarly to EC2 instance roles in that chamber will pull credentials from the EC2 metadata service.

For local development, you can use aws-vault's --server flag to emulate the EC2 metadata service.

from chamber.

ironhouzi commented on July 28, 2024

Sorry, I forgot to add the vital information that I am not running my container in an AWS context. Is chamber not intended to run outside of an AWS context, EC2 or ECS, or whatever other offering AWS might have?


dfuentes commented on July 28, 2024

It's possible, but we don't currently do this (other than for local development). Without knowing more about your setup, I'm not sure how much help I'm going to be.

In general, you could use the key/secret of an IAM User rather than an IAM role, which would allow you to use static credentials that don't need to refresh. The downside there is that if those credentials are leaked, they are useable as is.

Roles are more secure in that they require a short-term security token, but you would need some process to acquire the role access key id, secret, and security token and inject them into your docker container somehow.

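As an added example (not part of the thread and not chamber's own code), here is one way to do the "acquire and inject" step described in the comment above: parse the JSON printed by `aws sts assume-role`, refuse a token that is about to expire, and pass the three values to the container by name only. The sample credentials, image name and service name are constructed placeholders.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample shaped like the JSON printed by `aws sts assume-role`;
# every value here is a placeholder, not a real credential.
SAMPLE_STS_OUTPUT = json.dumps({
    "Credentials": {
        "AccessKeyId": "ASIAEXAMPLEEXAMPLE00",
        "SecretAccessKey": "constructed-secret-placeholder",
        "SessionToken": "constructed-session-token-placeholder",
        "Expiration": "2024-07-28T13:00:00Z",
    }
})

# Standard AWS SDK environment variable for each STS response field.
ENV_FOR_FIELD = {
    "AccessKeyId": "AWS_ACCESS_KEY_ID",
    "SecretAccessKey": "AWS_SECRET_ACCESS_KEY",
    "SessionToken": "AWS_SESSION_TOKEN",
}


def role_env(sts_json, now, min_remaining=timedelta(minutes=5)):
    """Return the env vars for a container, refusing nearly expired tokens."""
    creds = json.loads(sts_json)["Credentials"]
    missing = [f for f in ENV_FOR_FIELD if not creds.get(f)]
    if missing:
        raise ValueError(f"STS response lacks {missing}")
    expires = datetime.fromisoformat(creds["Expiration"].replace("Z", "+00:00"))
    if expires - now < min_remaining:
        raise ValueError(f"token expires at {expires.isoformat()}, fetch a new one")
    return {env: creds[field] for field, env in ENV_FOR_FIELD.items()}


def docker_argv(env, image, command):
    # `-e NAME` with no `=value` makes docker copy NAME from the launcher's
    # own environment, so the secrets never appear in the process list.
    argv = ["docker", "run", "--rm"]
    for name in sorted(env):
        argv += ["-e", name]
    return argv + [image] + list(command)


if __name__ == "__main__":
    now = datetime(2024, 7, 28, 12, 0, tzinfo=timezone.utc)  # constructed clock
    env = role_env(SAMPLE_STS_OUTPUT, now)
    # Hypothetical image and service names.
    print(docker_argv(env, "example/app:latest",
                      ["chamber", "exec", "myservice", "--", "./app"]))
```

The launcher would start docker with the returned mapping merged into its own environment, and has to repeat the whole step before the token's expiration because nothing inside the container refreshes it.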

ironhouzi commented on July 28, 2024

@dfuentes I was hoping chamber/APS would be a simple alternative to Hashicorp's Vault, securely providing secrets for microservices in automated deployments, managed through IAM concepts.

If a fixed IAM user is the only option outside of deploying on AWS, then I'd need to keep looking for alternatives.


stale commented on July 28, 2024

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.


stale commented on July 28, 2024

Closing due to staleness. Closed does not mean "never", just that it has no momentum to get accomplished any time soon.
See CONTRIBUTING.md for more info.
