
How do you avoid 1 - it seems impossible?



Take a look at HashiCorp Vault - https://hashicorp.com/blog/vault.html


IAM roles let you assign temporary credentials to machines running scripts. The machine can then hit an internal AWS URL to get the temporary credentials. Many tools know to look for these credentials by default, e.g. boto checks for credentials in environment variables, config files, and the machine's IAM role.


And there are a few tools to emulate the metadata service locally if you need it on dev laptops, which makes it use a role as if a server
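
An added example, not part of the thread or of boto: a stdlib-only audit that walks the lookup order named in the IAM-roles comment above (environment variables, credentials file, IAM role) and reports which source wins and where long-term keys still sit. The function names, the sample file text and the sample role response are constructed; the `AKIA`/`ASIA` prefixes and the `AccessKeyId`/`Token` fields follow AWS's documented formats.

```python
import configparser

# Access key ID prefixes: AKIA = long-term IAM user key, ASIA = temporary STS key.
def classify(key_id, token):
    """Temporary only when the key has the STS prefix and comes with a session token."""
    if key_id.startswith("ASIA") and token:
        return "temporary"
    return "long-term" if key_id.startswith("AKIA") else "unknown"

def resolve(environ, credentials_ini, role_creds, profile="default"):
    """Walk the order from the comment: environment, credentials file, IAM role.

    environ: mapping of environment variables
    credentials_ini: text of a shared credentials file ("" if there is none)
    role_creds: dict in the shape the instance metadata service returns, or None
    Returns (winning_source, kind, sources_holding_long_term_keys).
    """
    found = []
    if environ.get("AWS_ACCESS_KEY_ID") and environ.get("AWS_SECRET_ACCESS_KEY"):
        found.append(("environment", environ["AWS_ACCESS_KEY_ID"],
                      environ.get("AWS_SESSION_TOKEN")))
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(credentials_ini)
    if parser.has_section(profile) and parser.has_option(profile, "aws_access_key_id"):
        section = parser[profile]
        found.append(("credentials-file", section["aws_access_key_id"],
                      section.get("aws_session_token")))
    if role_creds:
        found.append(("iam-role", role_creds["AccessKeyId"], role_creds.get("Token")))
    if not found:
        return None, None, []
    # Any long-term key is a finding, even when it is not the source that wins.
    static = [src for src, key, tok in found if classify(key, tok) == "long-term"]
    source, key_id, token = found[0]
    return source, classify(key_id, token), static

# Constructed sample inputs (placeholder key IDs and secrets, not real credentials).
SAMPLE_INI = ("[default]\n"
              "aws_access_key_id = AKIAIOSFODNN7EXAMPLE\n"
              "aws_secret_access_key = constructed-secret\n")
SAMPLE_ROLE = {"AccessKeyId": "ASIAIOSFODNN7EXAMPLE",
               "SecretAccessKey": "constructed-secret",
               "Token": "constructed-token"}

if __name__ == "__main__":
    print(resolve({}, SAMPLE_INI, SAMPLE_ROLE))  # leftover file key shadows the role
    print(resolve({}, "", SAMPLE_ROLE))          # role credentials are used
```

The first call shows the case worth checking on a host that has been given a role: a leftover static key in the credentials file is found first, so the temporary role credentials are never used.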



