Add assume_aws_role_arn that uses EC2 instance profile #168
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
taylorsilva
force-pushed
the
assume-iam-role
branch
4 times, most recently
from
9b6040a
to
2d846ba
Compare
Setting this field will cause the S3 resource to assume the role specified using the Concourse workers IAM role to authenticate to the STS API Signed-off-by: Taylor Silva <[email protected]>
and remove usage of deprecated ioutil package Signed-off-by: Taylor Silva <[email protected]>
taylorsilva
force-pushed
the
assume-iam-role
branch
from
2d846ba
to
cff7028
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Setting this field will cause the S3 resource to assume the role specified using the Concourse workers IAM role to authenticate to the STS API
Closes #151
I want to explain why I've changed my mind about this kind of feature within resources now. The answer is, I've been working on AWS as a customer, and I now fully understand what others asking for this feature were trying to tell us. Using IAM auth is wayyyy more secure than making passing in hard-coded credentials. It is a much safer and sophisticated way of authenticating within the AWS platform. As someone that is running Concourse on AWS, I make use of this IAM authentication through the STS api all the time now. I'm now highly motivated to use this feature everywhere that I can as I've been convinced of its utility.