Mirror
/
zulip
mirror of https://github.com/zulip/zulip.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

bootstrap-aws-installer: Drop "credential_source" in .aws/config. 

Setting `credential_source` is used when assuming role credentials --
that is, when running as one role, use the AssumeRole right to become
someone else.

The AWS command-line tools only do this if `role_arn`, the role to
assume, is also set -- if it is not set, it transparently falls
through to IAM role attached to the EC2 instance profile.  However,
with the `aws-sdk-go` package, used by Teleport, this configuration
produces an error.

Remove the `credential_source = Ec2InstanceMetadata` line, which isn't
necessary for the AWS CLI, and interferes with Teleport operation.
This commit is contained in:
Alex Vandiver 2022-10-28 18:34:13 -04:00 committed by Tim Abbott
parent 6662a3bac4
commit 721a1d7a10
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
tools/setup/bootstrap-aws-installer
View File

@ -41,13 +41,13 @@ export DEBIAN_FRONTEND=noninteractive
# The following line gets subbed in with the contents of bootstrap-awscli.sh
AWS=
# Set up AWS so we can use the role credentials we were started with, which give secrets access
# Set up a bare-bones AWS configuration
mkdir -p /root/.aws
cat >/root/.aws/config <<EOF
[default]
region = us-east-1
output = text
credential_source = Ec2InstanceMetadata
# Credentials are from the IAM role attached to the EC2 instance
EOF
# Set up public keys for root, so we can fetch the repo; this is a