Skip Menu |

This queue is for tickets about the Net-Amazon-EC2 CPAN distribution.

Report information
The Basics
Id: 81664
Status: resolved
Priority: 0/
Queue: Net-Amazon-EC2
People
Owner: Nobody in particular
Requestors: lenny-bitcard [...] efkc.com
Cc:
AdminCc:
Bug Information
Severity: Wishlist
Broken in: 0.22
Fixed in: 0.24

History Show all quoted text
  Mon Dec 03 10:08:32 2012 lenny-bitcard [...] efkc.com - Ticket created
Subject: Feature Request: IAM Roles
Greetings- Earlier this year, AWS introduced IAM Roles, a feature that allows users to assign temporary, automatically-rotating AWS credentials to an EC2 instance, for use in making API requests. The keys are made available by AWS on the EC2 metadata service. This greatly simplifies the process of distributing AWS keys to EC2 instances in a secure fashion. I think it would be very useful to folks if Net::Amazon::EC2 supported retrieving the AWS credentials via IAM Roles, so hopefully you could look into supporting it. I'd implement it myself, but my perl is a little rusty at this point. Here is the relevant documentation: How to use IAM Roles: http://docs.amazonwebservices.com/AWSEC2/latest/UserGuide/UsingIAM.html#UsingIAMrolesWithAmazonEC2Instances How to make API calls with Temporary credentials (such as those obtained from an IAM Role): http://docs.amazonwebservices.com/AWSEC2/latest/UserGuide/UsingIAM.html# UsingTemporarySecurityCredentials_EC2 Information on how to set up roles: http://docs.amazonwebservices.com/IAM/latest/UserGuide/WorkingWithRoles. html Thanks! -Lenny
  Thu Dec 20 14:51:12 2012 mrallen1 [...] yahoo.com - Correspondence added
On Mon Dec 03 10:08:32 2012, lenny-bitcard@efkc.com wrote: Show quoted text
> Greetings- > > Earlier this year, AWS introduced IAM Roles, a feature that allows > users > to assign temporary, automatically-rotating AWS credentials to an EC2 > instance, for use in making API requests. The keys are made available > by > AWS on the EC2 metadata service. This greatly simplifies the process > of > distributing AWS keys to EC2 instances in a secure fashion. > > I think it would be very useful to folks if Net::Amazon::EC2 supported > retrieving the AWS credentials via IAM Roles, so hopefully you could > look into supporting it. I'd implement it myself, but my perl is a > little rusty at this point. Here is the relevant documentation: > > How to use IAM Roles: >
http://docs.amazonwebservices.com/AWSEC2/latest/UserGuide/UsingIAM.html#UsingIAMroles WithAmazonEC2Instances Show quoted text
> > How to make API calls with Temporary credentials (such as those > obtained > from an IAM Role): > http://docs.amazonwebservices.com/AWSEC2/latest/UserGuide/UsingIAM.html# > UsingTemporarySecurityCredentials_EC2 > > Information on how to set up roles: > http://docs.amazonwebservices.com/IAM/latest/UserGuide/WorkingWithRoles. > html > > Thanks! > -Lenny
Thanks for the suggestion. I'll take a look at it.
  Thu Dec 20 14:51:13 2012 The RT System itself - Status changed from 'new' to 'open'
  Mon Sep 23 08:51:05 2013 diego [...] goedi.net - Correspondence added
Subject: [rt.cpan.org #81664]
Date: Mon, 23 Sep 2013 14:50:47 +0200
To: bug-Net-Amazon-EC2 [...] rt.cpan.org
From: Diego Fernández Durán <diego [...] goedi.net>
Hello, I've done a modification to your code to use IAM roles. Mabe you find it useful. This is the patch: --- EC2.pm.orig 2013-09-23 12:11:37.447616567 +0200 +++ EC2.pm 2013-09-23 14:39:32.650621019 +0200 @@ -144,6 +144,7 @@ has 'AWSAccessKeyId' => ( is => 'ro', isa => 'Str', required => 1 ); has 'SecretAccessKey' => ( is => 'ro', isa => 'Str', required => 1 ); +has 'SecurityToken' => ( is => 'ro', isa => 'Str', required => 0 ); has 'debug' => ( is => 'ro', isa => 'Str', required => 0, default => 0 ); has 'signature_version' => ( is => 'ro', isa => 'Int', required => 1, default => 1 ); has 'version' => ( is => 'ro', isa => 'Str', required => 1, default => '2009-11-30' ); @@ -176,6 +177,7 @@ my $action = delete $args{Action}; my %sign_hash = %args; $sign_hash{AWSAccessKeyId} = $self->AWSAccessKeyId; + $sign_hash{SecurityToken} = $self->SecurityToken; $sign_hash{Action} = $action; $sign_hash{Timestamp} = $self->timestamp; $sign_hash{Version} = $self->version; @@ -198,6 +200,9 @@ Timestamp => $self->timestamp, Version => $self->version, Signature => $encoded, + (defined $self->SecurityToken) + ? (SecurityToken => $self->SecurityToken) + : (), %args ); Best regards. Diego.
  Wed Sep 25 04:20:27 2013 diego [...] goedi.net - Correspondence added
Subject: [rt.cpan.org #81664]
Date: Wed, 25 Sep 2013 10:20:08 +0200
To: bug-Net-Amazon-EC2 [...] rt.cpan.org
From: Diego Fernández Durán <diego [...] goedi.net>
Hi again, This patch is a little better. --- EC2.pm.orig 2013-09-23 12:11:37.447616567 +0200 +++ EC2.pm 2013-09-25 09:57:59.407458600 +0200 @@ -144,6 +144,7 @@ has 'AWSAccessKeyId' => ( is => 'ro', isa => 'Str', required => 1 ); has 'SecretAccessKey' => ( is => 'ro', isa => 'Str', required => 1 ); +has 'SecurityToken' => ( is => 'ro', isa => 'Str', required => 0 ); has 'debug' => ( is => 'ro', isa => 'Str', required => 0, default => 0 ); has 'signature_version' => ( is => 'ro', isa => 'Int', required => 1, default => 1 ); has 'version' => ( is => 'ro', isa => 'Str', required => 1, default => '2009-11-30' ); @@ -176,6 +177,9 @@ my $action = delete $args{Action}; my %sign_hash = %args; $sign_hash{AWSAccessKeyId} = $self->AWSAccessKeyId; + if (defined $self->SecurityToken) { + $sign_hash{SecurityToken} = $self->SecurityToken; + } $sign_hash{Action} = $action; $sign_hash{Timestamp} = $self->timestamp; $sign_hash{Version} = $self->version; @@ -198,6 +202,9 @@ Timestamp => $self->timestamp, Version => $self->version, Signature => $encoded, + (defined $self->SecurityToken) + ? (SecurityToken => $self->SecurityToken) + : (), %args ); Diego.
  Wed Jul 02 22:40:08 2014 mrallen1 [...] yahoo.com - Correspondence added
On Mon Dec 03 10:08:32 2012, lenny-bitcard@efkc.com wrote: Show quoted text
> Earlier this year, AWS introduced IAM Roles, a feature that allows > users > to assign temporary, automatically-rotating AWS credentials to an EC2 > instance, for use in making API requests. The keys are made available > by > AWS on the EC2 metadata service. This greatly simplifies the process > of > distributing AWS keys to EC2 instances in a secure fashion.
This was implemented in release 0.24
  Wed Jul 02 22:40:12 2014 mrallen1 [...] yahoo.com - Status changed from 'open' to 'resolved'
  Wed Jul 02 22:40:12 2014 mrallen1 [...] yahoo.com - Fixed in 0.24 added