I need to use aws_session_token with puppetlabs-aws
Question
At my work, when using aws cli we use aws_session_token. I don't see anything in puppetlabs-aws support for aws_session_token. Any ideas?
1 answers
solution1
0 2021-01-19 00:33:38
AWS_SESSION_TOKEN is usually used when you're obtaining temporary credentials from AWS security token service (STS). This is usually when you make the call to Assume a role. So a lot of this depends on how you've got your command line set up:
If you are explcitly calling assume role like this:
aws sts assume-role --role-arn "arn:aws:iam::123456789012:role/RoleToAssume" --role-session-name AWSCLI-Session
You should get back a response with three variables:
AWS_ACCESS_KEY_ID
AWS_SECRET_ACCESS_KEY
AWS_SESSION_TOKEN
You should just be able to export each of these as environment variables and then run puppet apply .
If you are not explicitly calling assume role and are using instance profiles, puppet should automatically find these 3 variables.
If you are calling assume role via AWS_PROFILES in your ~/.aws/config then it should just be sufficient to run puppet apply after setting the AWS_PROFILE environment variable.
You may also want to consider using the newer puppetlabs amazon_aws module which superseeds puppetlabs/aws.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.