
Rails: How to reuse AWS credentials from ECS using containers

We have deployed a Rails application on AWS (using a Docker image within a container) and use the S3 and SES services to upload files and send emails. For both, we require the AWS access_key_id, secret_access_key and session_token to communicate with AWS S3 and SES. We use the Aws::ECSCredentials service to get AWS credentials, which last 6 hours.

After 5.55 hours, we fetch credentials again using the Aws::ECSCredentials.new() API call. We use CarrierWave to upload files to AWS S3 and use the CarrierWave initializer below to set the credentials; this works only for the first 6 hours, until the credentials expire.

CarrierWave.configure do |config|
  config.fog_credentials = {
    provider: "AWS",
    aws_access_key_id: Settings.amazon.access_key_id,
    aws_secret_access_key: Settings.amazon.secret_access_key,
    region: Settings.amazon.region,
  }

  config.storage = :fog
  config.fog_directory  = Settings.amazon.attachments_bucket
  config.fog_public     = false
end

Once the credentials that were set the first time expire, we again make a call to Aws::ECSCredentials.new() to get new credentials. To use the new credentials, we have to reinitialize CarrierWave in ImageUploader (inherited from CarrierWave) as below.

class AvatarUploader < CarrierWave::Uploader::Base
  storage :fog


  def initialize(*)
    super
    self.fog_credentials = {
      :provider               => 'AWS',              # required
      :aws_access_key_id      => 'YOURAWSKEYID',     # required
      :aws_secret_access_key  => 'YOURAWSSECRET',    # required
    }
    self.fog_directory = "YOURBUCKET"
  end
end

Is this approach of re-initializing CarrierWave every time fine? I fear this may create a Ruby memory issue by creating garbage objects. Can someone please help with this? Is there any better approach to handle it?
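For the expiry problem described in the question, an added example (not part of the original post, and not CarrierWave or AWS SDK code): one shared provider that caches the task-role credentials and re-fetches them only when they are within a margin of expiring, rather than on every uploader instantiation. The class name, the injected `fetcher`, the 300-second margin and the sample values are assumptions; the JSON field names are those returned by the ECS container credentials endpoint.

```ruby
require "json"
require "time"

# Caches ECS task-role credentials and re-fetches them shortly before expiry.
class RefreshingTaskCredentials
  Credentials = Struct.new(:access_key_id, :secret_access_key, :session_token, :expires_at)

  # fetcher: hypothetical callable returning the endpoint's JSON body.
  def initialize(fetcher:, refresh_margin: 300, clock: -> { Time.now })
    @fetcher, @refresh_margin, @clock = fetcher, refresh_margin, clock
    @mutex = Mutex.new
  end

  # Returns unexpired credentials; the mutex keeps concurrent requests from
  # each triggering their own refresh.
  def credentials
    @mutex.synchronize do
      @current = fetch if stale?
      @current
    end
  end

  # Hash in the shape fog-aws accepts, including the session token.
  def to_fog
    c = credentials
    { provider: "AWS", aws_access_key_id: c.access_key_id,
      aws_secret_access_key: c.secret_access_key, aws_session_token: c.session_token }
  end

  private
  def stale?
    @current.nil? || @clock.call >= @current.expires_at - @refresh_margin
  end

  def fetch
    doc = JSON.parse(@fetcher.call)
    missing = %w[AccessKeyId SecretAccessKey Token Expiration].reject { |k| doc[k] }
    raise ArgumentError, "credential document missing #{missing.join(', ')}" unless missing.empty?
    Credentials.new(doc["AccessKeyId"], doc["SecretAccessKey"], doc["Token"], Time.iso8601(doc["Expiration"]))
  end
end

# Constructed sample: a fake endpoint issuing 6-hour credentials and recording each call.
def sample_fetcher(clock, calls)
  lambda do
    calls << clock.call
    JSON.generate("AccessKeyId" => "ASIAEXAMPLE#{calls.size}", "SecretAccessKey" => "constructed-secret",
                  "Token" => "constructed-token", "Expiration" => (clock.call + 6 * 3600).utc.iso8601)
  end
end
```

The session token has to travel with the key pair: temporary credentials are rejected without it. The SDK's own `Aws::ECSCredentials` object also refreshes itself when its credentials are read close to expiry, so holding one long-lived instance serves the same purpose.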

Is your company using AWS Single Sign-On (AWS SSO)? If not, I would recommend doing so. This way you could configure the AWS CLI to use those IAM roles securely to have sessions of a desired time period with refreshing tokens. You can find more details in the official docs.
