Add support for ECS task roles as an auth mechanism

Kyle Havlovitz 2016-11-02 18:48:15 -04:00
parent b9aa912e4c
commit a3af480c42
No known key found for this signature in database
GPG Key ID: 8A5E6B173056AD6C
2 changed files with 4 additions and 6 deletions


@ -20,7 +20,7 @@ import (
"github.com/armon/go-metrics/datadog" "github.com/armon/go-metrics/datadog"
"github.com/aws/aws-sdk-go/aws" "github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/credentials" "github.com/aws/aws-sdk-go/aws/credentials"
"github.com/aws/aws-sdk-go/aws/credentials/ec2rolecreds" "github.com/aws/aws-sdk-go/aws/defaults"
"github.com/aws/aws-sdk-go/aws/ec2metadata" "github.com/aws/aws-sdk-go/aws/ec2metadata"
"github.com/aws/aws-sdk-go/aws/session" "github.com/aws/aws-sdk-go/aws/session"
"github.com/aws/aws-sdk-go/service/ec2" "github.com/aws/aws-sdk-go/service/ec2"
@ -410,9 +410,7 @@ func (c *Config) discoverEc2Hosts(logger *log.Logger) ([]string, error) {
}, },
&credentials.EnvProvider{}, &credentials.EnvProvider{},
&credentials.SharedCredentialsProvider{}, &credentials.SharedCredentialsProvider{},
&ec2rolecreds.EC2RoleProvider{ defaults.RemoteCredProvider(*(defaults.Config()), defaults.Handlers()),
Client: ec2meta,
},
}), }),
} }
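Review bot: `defaults.RemoteCredProvider` returns a single provider chosen from the process environment, and the new last entry of the provider chain has no comment saying so. When `AWS_CONTAINER_CREDENTIALS_RELATIVE_URI` is set, the chain ends at the ECS task-role endpoint and the EC2 instance role is never tried, so whoever controls the agent's environment decides which metadata endpoint supplies credentials. A comment above the call such as `// ECS task role if AWS_CONTAINER_CREDENTIALS_RELATIVE_URI is set, otherwise the EC2 instance role; never both.` would make that visible to the next reader. The provider is also built from `defaults.Config()` and `defaults.Handlers()` instead of the `ec2meta` client that the removed lines passed in, so any settings on that client presumably no longer apply to the credential lookup. That is worth confirming against the part of `discoverEc2Hosts` that lies outside this hunk.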


@ -201,7 +201,8 @@ will exit with an error at startup.
- Static credentials (from the config file) - Static credentials (from the config file)
- Environment variables (`AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY`) - Environment variables (`AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY`)
- Shared credentials file (`~/.aws/credentials` or the path specified by `AWS_SHARED_CREDENTIALS_FILE`) - Shared credentials file (`~/.aws/credentials` or the path specified by `AWS_SHARED_CREDENTIALS_FILE`)
- EC2 Role instance metadata. - ECS task role metadata (container-specific).
- EC2 instance role metadata.
* <a name="_retry_join_ec2_tag_value"></a><a href="#_retry_join_ec2_tag_value">`-retry-join-ec2-tag-value` * <a name="_retry_join_ec2_tag_value"></a><a href="#_retry_join_ec2_tag_value">`-retry-join-ec2-tag-value`
</a> - The Amazon EC2 instance tag value to filter on. </a> - The Amazon EC2 instance tag value to filter on.
@ -707,7 +708,6 @@ Consul will not enable TLS for the HTTP API unless the `https` port has been ass
* `access_key_id` - The AWS access key ID to use for authentication. * `access_key_id` - The AWS access key ID to use for authentication.
* `secret_access_key` - The AWS secret access key to use for authentication. * `secret_access_key` - The AWS secret access key to use for authentication.
* <a name="retry_interval_wan"></a><a href="#retry_interval_wan">`retry_interval_wan`</a> Equivalent to the * <a name="retry_interval_wan"></a><a href="#retry_interval_wan">`retry_interval_wan`</a> Equivalent to the
[`-retry-interval-wan` command-line flag](#_retry_interval_wan). [`-retry-interval-wan` command-line flag](#_retry_interval_wan).