Fwd: AWS Cross Account Roles

Mark Shuttleworth mark at ubuntu.com
Sat Mar 5 00:27:23 UTC 2016


On 04/03/16 12:17, Kapil Thangavelu wrote:
> They can be refreshed prior to expiration to get equivalent immortality,
> example using pysdk
> https://gist.github.com/kapilt/ac8e222081f63ba64e93
>
> Ideal usage is actually using Iam instance roles as well for instance
> credentials which basically work the same way wrt to refresh intervals. As
> perm credentials on servers violates aws best practices.

TO test my understanding, is the idea that one might need to provide
actual credentials when deploying a service or creating a model, but
then the system actually keeps a token which it keeps refreshing rather
than keeping the full credential?

Mark



More information about the Juju mailing list