Skip to content
This repository has been archived by the owner on Jun 4, 2021. It is now read-only.

Add a hack to make AWS Roles usable #1548

Open
wants to merge 2 commits into
base: master
Choose a base branch
from

Conversation

MikaelSmith
Copy link

Enable using a manually-generated session token for AWS Roles.

A better solution would be to use https://docs.ansible.com/ansible/latest/modules/sts_assume_role_module.html, but I'm not sure how to add the conditional logic required to add that to the Streisand setup workflow.

@MikaelSmith
Copy link
Author

Actually, I may be able to use AWS_SECURITY_TOKEN. Not very discoverable though.

Copy link
Member

@nopdotcom nopdotcom left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We should probably be doing this with the Ansible mechanisms, but it sounds like we need a stopgap now. This looks good. Could I ask for just a little change in how this is documented?

then get a session token by running 'aws sts get-caller-identity --profile <profile>' and finding
it in ~/.aws/cli/cache/*.json.

What is your AWS Session Token? Press enter for default (no token).
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The details sound like the kind of thing that could go in the main or advanced documentation. It would let you have less text for the user to read in the dialog and more in the instructions.

Suggested rewrite of the prose:

If you don't use AWS Roles, you should leave this blank.

If you use AWS Roles, see https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-role.html , then get a session token by running 'aws sts get-caller-identity --profile ' and finding it in ~/.aws/cli/cache/*.json.

If you use AWS Roles, what is your AWS Token? Press enter for none.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not sure where that documentation should go.

Enable using a manually-generated session token for AWS Roles.

A better solution would be to use
https://docs.ansible.com/ansible/latest/modules/sts_assume_role_module.html,
but I'm not sure how to add the conditional logic required to add that
to the Streisand setup workflow.
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants