Comments (6)
mtibben
commented on August 15, 2024
Could you just do both? Write out env vars as well as use the metadata
approach?
On Tue, 13 Oct 2015 at 5:04 PM, Lachlan Donald [email protected]
wrote:
Some SDKs don't support http_proxy for Instance Metadata, which means
that they can't get credentials from aws-vault, as it exposes the server
instance via http_proxy.The impact of this issue is that some tools just aren't able to get
credentials, like in #40
#40.(Side note: some SDKs have very short timeouts, probably a different issue)
So whilst there is the --write-env that provides a band-aid, it's hard to
imagine how to provide a solution that would work universally. Some options
I'm considering are:
- Change the default back to writing out environment vars and allow
opt-in to the metadata approach- Provide a small daemon that would actually bind to 169.254.169.254
and forward to the correct exec server via magic. :'(- ???
—
Reply to this email directly or view it on GitHub
#41.
from aws-vault.
pda
commented on August 15, 2024
I'm guessing the presence of the environment variables would stop the SDK from using the instance metadata server; presumably on EC2 you can override the latter with the former…
You can't bind to 169.254.169.254 without having a network interface associated with that address/network. Dynamically reconfiguring network interfaces is another jump in complexity. It might work though, and would seem more reliable than http_proxy.
from aws-vault.
lox
commented on August 15, 2024
After some thought, I think the best way forward is to do a couple of things:
- Default to writing environment vars.
- Allow opting in to
--ec2-metadata, which defaults to 127.0.0.1:0 viahttp_proxyenv. - Allow
--ec2-metadata=169.254.169.254, which will work if you've run thecontrib/lo-ec2-metadata.shscript that will be written. - Add an
awscommand for invoking the aws cli with the correct params.
from aws-vault.
mtibben
commented on August 15, 2024
Perhaps you could introduce the idea of profiles - a set of environment var config to make a certain command or sdk work. The default profile should attempt to work in most use cases, but you could potentially have boto or old-aws or ruby-sdk profiles to give those environments what they're expecting
from aws-vault.
lox
commented on August 15, 2024
It's tempting @mtibben, but I'd rather something that simply works for everything.
from aws-vault.
lox
commented on August 15, 2024
Fixed in master.
from aws-vault.
Related Issues (20)
- aws-vault ec2server cannot utilize an instance of aws-vault proxy that is already running on windows HOT 1
- aws-vault not working with eksctl to update the add-ons of AWS EKS cluster HOT 1
- AppleScript Error Message: variable not defined HOT 1
- mfa_process not working on Windows HOT 1
- [Bug] aws-vault wedges on 'dbus-launch', won't even run `aws-vault --help` or `aws-vault --version` HOT 2
- Usage with MongoDB Compass HOT 3
- Configure aws-vault to cache role tokens HOT 2
- Embedding aws-vault into a golang-written cli HOT 1
- Sponsorship HOT 3
- Unable to find steps to download for Linux ARM Machines HOT 2
- MFA does not seem to be working when using the login function HOT 2
- Can't use --prompt=terminal with --ec2-server on Linux HOT 2
- ECS Server URI needs to include the `get-credentials` path to support AWS SDK Libraries HOT 1
- Unable to decrypt credentials file when using pass backend HOT 5
- Docs out of date for latest version wrt to ykman HOT 1
- No build since March HOT 1
- Feature: import from `~/.aws/credentials` HOT 1
- Error when executing any AWS Vault Command on 7.2.0, in WSL Ubuntu on Windows 11 HOT 1
- mfa_process does not seem to be working with Windows
- Importing aws-vault as a library?
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from aws-vault.