Fwd: AWS Cross Account Roles

[Kapil Thangavelu]

They can be refreshed prior to expiration to get equivalent immortality,
example using pysdk
https://gist.github.com/kapilt/ac8e222081f63ba64e93

Ideal usage is actually using Iam instance roles as well for instance
credentials which basically work the same way wrt to refresh intervals. As
perm credentials on servers violates aws best practices.



On Fri, Mar 4, 2016 at 12:37 AM John Meinel <john at arbash-meinel.com> wrote:

> At the moment I don't believe we do. We just use your access key and
> secret key to identify you to EC2 when we make requests. We don't support
> using temporary credentials via Assume role
> For those of us wanting to know more here is AWS page
>
> http://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_create_for-user_externalid.html
>
> The big internal technical limitation is that AssumeRole based access
> needs to be refreshed periodically (the temporary keys are good for at most
> 1 hour).
>
> John
> =:->
> On Mar 3, 2016 10:46 PM, "Paul Eipper" <lkraider at gmail.com> wrote:
>
>> Hello,
>>
>> Does Juju work with AWS Cross Account Roles? Specifically, IAM users
>> that need to set the "External ID" string to assume the role?
>>
>> AWS Cli support is enabled by configuring a profile:
>>
>> https://docs.aws.amazon.com/cli/latest/userguide/cli-roles.html#cli-roles-xaccount
>>
>> and then specifying it on the command line:
>> ```
>> aws s3 ls --profile marketingadmin
>> ```
>>
>> Is something like that supported in the Juju EC2 environment config?
>>
>> att,
>> --
>> Paul Eipper
>>
>> --
>> Juju mailing list
>> Juju at lists.ubuntu.com
>> Modify settings or unsubscribe at:
>> https://lists.ubuntu.com/mailman/listinfo/juju
>>
> --
> Juju mailing list
> Juju at lists.ubuntu.com
> Modify settings or unsubscribe at:
> https://lists.ubuntu.com/mailman/listinfo/juju
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/juju/attachments/20160304/05243f75/attachment.html>