Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Need a way of creating a client that is inside a EC2 instance with a IAM role. #133

Closed
ghost opened this issue Oct 9, 2020 · 3 comments · Fixed by #137
Closed

Need a way of creating a client that is inside a EC2 instance with a IAM role. #133

ghost opened this issue Oct 9, 2020 · 3 comments · Fixed by #137

Comments

@ghost
Copy link

ghost commented Oct 9, 2020
edited by ghost
Loading

Not sure if this can be sorted without changing the code, but is there a way of creating a client that takes the credentials from role?
Also, there isn't a zio-s3 group chat where we can discuss anything. ping me your discord tag so we can talk in case we need to do changes I can submit them myself
Thanks
@regis-leray
Copy link
Member

regis-leray commented Oct 9, 2020
edited
Loading

hello, currently zio-s3 only provide a pretty straigtforward way to handle credentials and we dont rely on credentials strategy to rely credentials.
Which i think you are refering from the documentation
https://docs.aws.amazon.com/sdk-for-java/v2/developer-guide/java-dg-roles.html

Are you suggesting to have the same behaviour ?

here my tag in discord channel
regis#5084

@ghost
Copy link
Author

ghost commented Oct 9, 2020

Yeah particularly this part

The final step in the default provider chain is available only when running your application on an Amazon EC2 instance. However, it provides the greatest ease of use and best security when working with Amazon EC2 instances. You can also pass an InstanceProfileCredentialsProvider instance directly to the client constructor to get instance profile credentials without proceeding through the entire default provider chain.

InstanceProfileCredentialsProvider doesn't have a get awsaccessId/secret .

Im using the old import com.amazonaws.auth.DefaultAWSCredentialsProviderChain and getting the access id and secret from there. but we are having issues with it in EC2.

@regis-leray
Copy link
Member

regis-leray commented Oct 10, 2020
edited
Loading

that should work

final case class InvalidCredentials(message: String) extends S3Exception(S3Exception.builder().message(message))

  def fromInstanceProfile: ZIO[Blocking, InvalidCredentials, S3Credentials] = effectBlocking{
    val creds = InstanceProfileCredentialsProvider.builder()
      .build().resolveCredentials()
    S3Credentials(creds.accessKeyId(), creds.secretAccessKey())
  }.mapError(e => InvalidCredentials(e.getMessage))

can you explain the issues you are facing with DefaultAWSCredentialsProviderChain?
How do you plan to configure your credentials if you are using InstanceProfileCredentialsProvider to run your application locally?

@regis-leray regis-leray mentioned this issue Oct 18, 2020
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

expose credentials providers zio/zio-s3
1 participant
@regis-leray