Update aws-ec2 configuration help

Updated to reflect enhanced functionality and clarify necessary
permissions.
Michael S. Fischer 2016-10-05 12:39:21 -07:00
parent 70a9fc47b4
commit c45ab41b39


@ -193,11 +193,15 @@ type clientConfig struct {
}
const pathConfigClientHelpSyn = `
Configure the client credentials that are used to query instance details from AWS EC2 API.
Configure AWS IAM credentials that are used to query instance and role details from the AWS API.
`
const pathConfigClientHelpDesc = `
aws-ec2 auth backend makes DescribeInstances API call to retrieve information regarding
the instance that performs login. The aws_secret_key and aws_access_key registered with
Vault should have the permissions to make the API call.
The aws-ec2 auth backend makes AWS API queries to retrieve information
regarding EC2 instances that perform login operations. The 'aws_secret_key' and
'aws_access_key' parameters configured here should map to an AWS IAM user that
has permission to make the following API queries:
* ec2:DescribeInstances
* iam:GetInstanceProfile (if IAM Role binding is used)
`
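Review bot: In pathConfigClientHelpDesc, the two bullets are IAM action names (ec2:DescribeInstances, iam:GetInstanceProfile), but the sentence that introduces them calls them "API queries"; wording such as "has the following IAM permissions" would match what an operator actually puts in a policy. The opening sentence of the description still mentions only EC2 instances, while the new synopsis says "instance and role details", so the role lookup is explained only by the parenthetical on the second bullet; a short clause saying when the instance profile is queried would close that gap. It would also help to state whether these two actions are the complete set, so the IAM user can be scoped to exactly them and nothing broader. Minor style point: the new synopsis is one long unwrapped line, while the new description is wrapped.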