Support EC2 metadata service #265

Closed
synfinatic opened this issue Jan 17, 2022 · 7 comments
Labels
enhancement New feature or request wontfix This will not be worked on

Comments

@synfinatic
Owner

"One of the main uses for us in aws-vault is the metadata service for running lambdas locally and/or vagrant machines"

@synfinatic synfinatic added the enhancement New feature or request label Jan 17, 2022
@synfinatic
Owner Author

IMDS uses a hard-coded IP/port: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-service.html

So under typical configurations, each host has access to a single IMDS and there really is no cross-platform way to hand out different credentials to different processes; everything is truly global.

@marcelmindemann

Hey @synfinatic,

thanks a lot for this tool. We have been trying it out in our company to replace aws-vault after migrating to AWS SSO. It's absolutely great, and fulfils 90% of our use case. However, the missing support for the local EC2 metadata server is currently a show stopper to adopt it for the full company. Our data scientists rely on the EC2 metadata server functionality of aws-vault for Jupyter development, as this requires a long-running process constantly getting fresh credentials.

Can you estimate how long the implementation of this feature will take? Is there any way we can support the development of this feature, by code contribution or financial sponsoring?

@synfinatic
Owner Author

Hi @marcelmindemann. Code contributions are definitely welcome!

That said, I'd love to understand if you just want parity with aws-vault or if there is room for improvement.

@synfinatic
Owner Author

@marcelmindemann I also meant to ask, is the EC2 metadata service the ideal solution or would the ECS endpoint be better? #398

@wparad

wparad commented Jul 23, 2023

> @marcelmindemann I also meant to ask, is the EC2 metadata service the ideal solution or would the ECS endpoint be better? #398

The ECS metadata endpoint is required because EC2 requires sudo to run because it is hosted on a protected port 80. So the ECS metadata endpoint is really the better solution.

@synfinatic synfinatic added this to the v1.12.0 milestone Aug 2, 2023
@synfinatic synfinatic changed the title Support metadata service Support EC2 metadata service Aug 4, 2023
@synfinatic
Owner Author

synfinatic commented Aug 4, 2023

Deciding to do ECS (#398) instead of this ticket for now. Most likely will never do this, but leaving it open should people wish to chime in and argue this is important to them.

@synfinatic synfinatic added wontfix This will not be worked on and removed priority:medium labels Aug 4, 2023
@synfinatic synfinatic removed this from the v1.12.0 milestone Aug 4, 2023
@synfinatic
Owner Author

Users wishing to vote for this feature should open a new ticket.
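
The contrast drawn in this thread (one global IMDS on a fixed address and privileged port versus an ECS-style endpoint), as an added example that is not from the thread or from aws-sso-cli's code: a credentials endpoint bound to loopback on an unprivileged port that picks the profile from the Authorization value the AWS SDKs send from `AWS_CONTAINER_AUTHORIZATION_TOKEN`, so different processes on one host get different credentials. The token-to-profile map, `fakeLookup` and every credential value are assumptions constructed for illustration.

```go
package main

import (
	"crypto/subtle"
	"encoding/json"
	"fmt"
	"net"
	"net/http"
	"time"
)

// creds is the JSON document the AWS SDKs read from the URL given in
// AWS_CONTAINER_CREDENTIALS_FULL_URI.
type creds struct {
	AccessKeyId, SecretAccessKey, Token, Expiration string
}

// credHandler maps each Authorization token to one profile. lookup is a
// hypothetical callback; a real tool would fetch role credentials there.
func credHandler(tokens map[string]string, lookup func(string) creds) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		got := []byte(r.Header.Get("Authorization"))
		for tok, profile := range tokens {
			// Constant-time compare: the token is all that separates clients.
			if subtle.ConstantTimeCompare(got, []byte(tok)) == 1 {
				w.Header().Set("Content-Type", "application/json")
				json.NewEncoder(w).Encode(lookup(profile))
				return
			}
		}
		http.Error(w, "forbidden", http.StatusForbidden)
	})
}

// fakeLookup returns constructed placeholder credentials, never real keys.
func fakeLookup(profile string) creds {
	return creds{"EXAMPLEKEY-" + profile, "constructed-secret", "constructed-token",
		time.Now().Add(time.Hour).UTC().Format(time.RFC3339)}
}

func main() {
	// Loopback only, kernel-chosen unprivileged port: no sudo, not reachable off-host.
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		panic(err)
	}
	fmt.Printf("export AWS_CONTAINER_CREDENTIALS_FULL_URI=http://%s/\n", ln.Addr())
	http.Serve(ln, credHandler(map[string]string{"tok-a": "dev", "tok-b": "prod"}, fakeLookup))
}
```

A client process would export the printed URI together with `AWS_CONTAINER_AUTHORIZATION_TOKEN=tok-a`; a process holding no valid token gets a 403 rather than host-wide credentials.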
