Add support for ECS task roles as an auth mechanism
parent
b9aa912e4c
commit
a3af480c42
|
@ -20,7 +20,7 @@ import (
|
||||||
"github.com/armon/go-metrics/datadog"
|
"github.com/armon/go-metrics/datadog"
|
||||||
"github.com/aws/aws-sdk-go/aws"
|
"github.com/aws/aws-sdk-go/aws"
|
||||||
"github.com/aws/aws-sdk-go/aws/credentials"
|
"github.com/aws/aws-sdk-go/aws/credentials"
|
||||||
"github.com/aws/aws-sdk-go/aws/credentials/ec2rolecreds"
|
"github.com/aws/aws-sdk-go/aws/defaults"
|
||||||
"github.com/aws/aws-sdk-go/aws/ec2metadata"
|
"github.com/aws/aws-sdk-go/aws/ec2metadata"
|
||||||
"github.com/aws/aws-sdk-go/aws/session"
|
"github.com/aws/aws-sdk-go/aws/session"
|
||||||
"github.com/aws/aws-sdk-go/service/ec2"
|
"github.com/aws/aws-sdk-go/service/ec2"
|
||||||
|
@ -410,9 +410,7 @@ func (c *Config) discoverEc2Hosts(logger *log.Logger) ([]string, error) {
|
||||||
},
|
},
|
||||||
&credentials.EnvProvider{},
|
&credentials.EnvProvider{},
|
||||||
&credentials.SharedCredentialsProvider{},
|
&credentials.SharedCredentialsProvider{},
|
||||||
&ec2rolecreds.EC2RoleProvider{
|
defaults.RemoteCredProvider(*(defaults.Config()), defaults.Handlers()),
|
||||||
Client: ec2meta,
|
|
||||||
},
|
|
||||||
}),
|
}),
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
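Review bot: The new chain entry `defaults.RemoteCredProvider(*(defaults.Config()), defaults.Handlers())` yields one provider, not two. As far as I know the SDK selects the ECS container credentials endpoint when `AWS_CONTAINER_CREDENTIALS_RELATIVE_URI` is set in the process environment and the EC2 instance-role provider otherwise, so a failed task-role lookup does not fall through to the instance role, while the documentation changed in this commit lists the two as consecutive steps. Not falling back to the broader instance role is the better least-privilege outcome, but it should be stated where the chain is built, e.g. `// Exactly one remote provider: ECS task role if AWS_CONTAINER_CREDENTIALS_RELATIVE_URI is set, else EC2 instance role (no fallback between them).` The provider is also built from `defaults.Config()` rather than the `ec2meta` client that the removed `EC2RoleProvider` used, so any endpoint, timeout or HTTP-client settings on that client no longer apply to credential retrieval; please confirm that is intended. The body of `discoverEc2Hosts` starts and ends outside the hunk, so how `ec2meta` is configured cannot be seen here.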
@ -201,7 +201,8 @@ will exit with an error at startup.
|
||||||
- Static credentials (from the config file)
|
- Static credentials (from the config file)
|
||||||
- Environment variables (`AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY`)
|
- Environment variables (`AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY`)
|
||||||
- Shared credentials file (`~/.aws/credentials` or the path specified by `AWS_SHARED_CREDENTIALS_FILE`)
|
- Shared credentials file (`~/.aws/credentials` or the path specified by `AWS_SHARED_CREDENTIALS_FILE`)
|
||||||
- EC2 Role instance metadata.
|
- ECS task role metadata (container-specific).
|
||||||
|
- EC2 instance role metadata.
|
||||||
|
|
||||||
* <a name="_retry_join_ec2_tag_value"></a><a href="#_retry_join_ec2_tag_value">`-retry-join-ec2-tag-value`
|
* <a name="_retry_join_ec2_tag_value"></a><a href="#_retry_join_ec2_tag_value">`-retry-join-ec2-tag-value`
|
||||||
</a> - The Amazon EC2 instance tag value to filter on.
|
</a> - The Amazon EC2 instance tag value to filter on.
|
||||||
|
@ -707,7 +708,6 @@ Consul will not enable TLS for the HTTP API unless the `https` port has been ass
|
||||||
* `access_key_id` - The AWS access key ID to use for authentication.
|
* `access_key_id` - The AWS access key ID to use for authentication.
|
||||||
* `secret_access_key` - The AWS secret access key to use for authentication.
|
* `secret_access_key` - The AWS secret access key to use for authentication.
|
||||||
|
|
||||||
|
|
||||||
* <a name="retry_interval_wan"></a><a href="#retry_interval_wan">`retry_interval_wan`</a> Equivalent to the
|
* <a name="retry_interval_wan"></a><a href="#retry_interval_wan">`retry_interval_wan`</a> Equivalent to the
|
||||||
[`-retry-interval-wan` command-line flag](#_retry_interval_wan).
|
[`-retry-interval-wan` command-line flag](#_retry_interval_wan).
|
||||||
|
|
||||||
|
|