Hacker News new | comments | show | ask | jobs | submit login

The IAM authentication is really annoying. It's not supported by many client libraries, nor have I found an easy way to make arbitrary HTTP calls with signature v4.

The only other options are completely public or IP-based whitelist, the latter which is untenable in most cloud environments.




You can also use a signing proxy.


I wasn't aware of that option. I'll look into it.


A simple solution in this vein is to white list your the EIP addresses of your NAT. This would give access to all resources in a private subnet (this is useful for Lambda's running in subnets).


>nor have I found an easy way to make arbitrary HTTP calls with signature v4.

https://github.com/okigan/awscurl


Yep, that's precisely why I made awscurl "easy way to make calls to AWS".

I can be easily tested with AWS Elasticsearch.


It's a great tool man, I use it tonnes, thanks for making it!




Applications are open for YC Winter 2018

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact

Search: