Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
How to support modern AWS credential management? (Request for comment)
See original GitHub issueAWS has a number of ways to provide credentials that s3-wagon-private doesn’t really support. It would be good to integrate into that ecosystem. I think this should mostly be a matter of upgrading to the latest AWS SDK, but I’m not sure how tools like aws-vault should fit into this.
This issue is to get feedback from users in how and where they want to use this plugin, and what auth mechanisms should be supported.
The standard hierarchy (see Reading Credentials at Run Time) is:
- In environment variables.
- In the central credentials file (~/.aws/credentials or %USERPROFILE%.aws\credentials).
- In an existing default, SDK-specific configuration file, if one exists. This would be the case if you had been using the SDK before these changes were made.
- For the .NET SDK, in the SDK Store, if it exists.
- If the code is running on an EC2 instance, via an IAM role for Amazon EC2. In that case, the code gets temporary security credentials from the instance metadata service; the credentials have the permissions derived from the role that is associated with the instance.
Issue Analytics
- State:
- Created 7 years ago
- Reactions:3
- Comments:8 (8 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
Sounds good, I’ll send over a PR for an updated readme then.
For multiple profiles, I think you’re talking about AWS profiles and not leiningen profiles, in which case they should work just fine with env vars now. The DefaultAWSCredentialsProviderChain (the new hero) includes the ProfileCredentialsProvider which reads either the
AWS_PROFILEenv var or theaws.profileJava system property (which could just be checked in to project.clj if desired since it’s non-sensitive and would help ensure using the correct profile).For the :username :env stuff I was specifically talking about this line in the readme: To use the environment for credentials, include :username :env :passphrase :env instead of :creds :gpg and export LEIN_USERNAME and LEIN_PASSPHRASE environment variables.
I believe all that behavior continues to work so no one is broken with a new version. (I think we’re on the same page here – stop documenting
LEIN_PASSPHRASEbut let it work for now).I think we’re pretty good now for this, by support AWS SDK provider chains. Thanks heaps for your work @sheelc!